
DevSecOps: A Multivocal Literature Review

  • Conference paper
Software Process Improvement and Capability Determination (SPICE 2017)

Abstract

Involving security in DevOps has been a challenge because traditional security methods have been unable to keep up with the agility and speed of DevOps. DevSecOps is the movement that develops and integrates modernized security methods that can keep pace with DevOps. This study gives an overview of what DevSecOps is, what implementing it entails, the benefits an organization can gain from it, and the challenges it faces in doing so. To that end, we conducted a multivocal literature review in which we reviewed a selection of grey literature. We found that implementing security that can keep up with DevOps is a challenge, but that an organization can gain great benefits if it is done correctly.



Author information


Corresponding author

Correspondence to Ricardo Colomo-Palacios.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Myrbakken, H., Colomo-Palacios, R. (2017). DevSecOps: A Multivocal Literature Review. In: Mas, A., Mesquida, A., O'Connor, R., Rout, T., Dorling, A. (eds) Software Process Improvement and Capability Determination. SPICE 2017. Communications in Computer and Information Science, vol 770. Springer, Cham. https://doi.org/10.1007/978-3-319-67383-7_2


  • DOI: https://doi.org/10.1007/978-3-319-67383-7_2


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67382-0

  • Online ISBN: 978-3-319-67383-7
