Software Security Activities that Support Incident Management in Secure DevOps
Chapter
Accepted version
Permanent lenke
http://hdl.handle.net/11250/2571489Utgivelsesdato
2018Metadata
Vis full innførselSamlinger
- Publikasjoner fra CRIStin - SINTEF AS [5638]
- SINTEF Digital [2381]
Originalversjon
ARES 2018. Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg, Germany — August 27 - 30, 2018, pp6Sammendrag
Many software services are currently created using DevOps, where developers and operations personnel are more tightly integrated. The DevOps paradigm enables shorter development cycles, but increased speed has raised concerns over whether security issues may be overlooked. However, perfect security is never achievable, and in addition to the proactive software security efforts, we also need a reactive effort to handle flaws and bugs that are not discovered before they are used in an attack. In this paper we explore how focus on incident management and collaboration with developers can contribute to improved software security.