DevSecOps: Principles and Security Pipeline Coursework

Exclusively available on Available only on IvyPanda® Written by Human No AI

DevSecOps is a set of principles aimed at integrating security concerns throughout the development and operations processes in IT development. Rather than introducing a specialist dedicated to security, it posits that security is the responsibility of every member of the development and operations teams, as well as closer interaction with security teams (Jeganathan, 2019). Thus, it calls for cultural and organizational changes where each developer understands the importance of security and the measures required to develop secure applications (Jeganathan, 2019). An individual developer plays a significant role in addressing security concerns by being aware of these concerns and integrating secure development practices throughout his or her development process. These practices can include secure coding, researching and mitigating exposed vulnerabilities, and collaborating with security specialists to perform code analysis and application security testing.

Under DevSecOps, security permeates the entire development life cycle: applications are initially designed with security in mind, and secure practices are followed from the creation of the code base. It is a continuous process where the software is tested for exposed vulnerabilities as it is developed and maintained (Jeganathan, 2019). Found vulnerabilities should be addressed before the software is released to a live environment (Jeganathan, 2019). This principle of integrating security concerns into established DevOps pipelines is the foundation of DevSecOps.

Plans for securing DevOps life cycles include strengthening the security of development process, creating secure code, and continuous security testing of the application. During the release and deployment phases, user and DevOps security becomes critical with well-implemented authentication and access controls, including multi-factor authentication (Jeganathan, 2019). Finally, automation, including automated security testing, plays a critical part of the deployment and operations phase, detecting critical vulnerabilities in new releases and rolling them back immediately if necessary (Jeganathan, 2019). DevSecOps does not provide specific steps, but rather general principles that should be adapted to individual organizations and projects. To this end, the security team should create specific policies and guidelines, while individual developers should be aware of and invested in the principles of IT security. This includes following secure development practices and noticing and bringing to the team’s attention any potential areas of improvements to the project’s security.

Reference

Jeganathan, S. (2019). DevSecOps: A systemic approach for secure software development. ISSA Journal, 17(11), 20-27.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2023, October 1). DevSecOps: Principles and Security Pipeline. https://ivypanda.com/essays/devsecops-principles-and-security-pipeline/

Work Cited

"DevSecOps: Principles and Security Pipeline." IvyPanda, 1 Oct. 2023, ivypanda.com/essays/devsecops-principles-and-security-pipeline/.

References

IvyPanda. (2023) 'DevSecOps: Principles and Security Pipeline'. 1 October.

References

IvyPanda. 2023. "DevSecOps: Principles and Security Pipeline." October 1, 2023. https://ivypanda.com/essays/devsecops-principles-and-security-pipeline/.

1. IvyPanda. "DevSecOps: Principles and Security Pipeline." October 1, 2023. https://ivypanda.com/essays/devsecops-principles-and-security-pipeline/.


Bibliography


IvyPanda. "DevSecOps: Principles and Security Pipeline." October 1, 2023. https://ivypanda.com/essays/devsecops-principles-and-security-pipeline/.

If, for any reason, you believe that this content should not be published on our website, you can request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
1 / 1