Evaluating the impact of Devsecops on software quality: A systematic review and empirical study
Senior Quality Engineering Manager, CA, USA.
Review Article
World Journal of Advanced Research and Reviews, 2022, 14(01), 644-653
Publication history:
Received on 20 February 2022; revised on 22 April 2022; accepted on 25 April 2022
Abstract:
Security throughout the software development lifecycle is the prime concern in the current software engineering, thus giving rise to a natural evolution, DevSecOps, from DevOps. It, from the very outset of development, integrates security into the whole process and ensures its way into every phase of the software delivery pipeline, as opposed to the earlier paradigms of software development that would always consider security as an afterthought. Using a systematic literature review and an empirical study, this research investigates the influences of DevSecOps practices on quality, security, and organizational factors impacting software. The findings indicate that DevSecOps dramatically improves the security of software because it allows vulnerabilities to be identified and mitigated early on, thus redounding to the improved reliability of code while also reducing the attack surface. Automation here uses force to enable continuous security monitoring, automated vulnerability scanning, and rapid incident response. Continuous Integration and Continuous Deployment (CI/CD) pipelines promote smooth embedment of security checks into the software development workflow, thus reducing the possibility of their being introduced at later stages.
However, thus far, most challenges abound its adoption. Many organizations face the challenges with complexity of security tool; they have a steep learning curve for developers implementing DevSecOps; and there is often limited existence of security expertise in development teams. Finding a balance between conflicting issues such as trade-off security, on the one hand, and speed and agility that are the essence of DevOps on the other, continues to be a challenge because, on the one hand, security can slow down development cycles. Resistance to change and the culture of organizations are further barriers to the complete adoption of DevSecOps.
Therefore, the recommendations for addressing such problems include industry best practices like automated security testing, regulatory compliance, and culture fostering awareness on security. Organizations should also invest in training programs for developers with respect to security skills and create incentives for collaboration among development, security, and operations. Moreover, AI-based security automation promises to open an avenue through which security efficiency can be improved at high speed of detection of threats and by reducing manual efforts in security testing.
Keywords:
Dev SecOps; Software security; Automation; Continuous monitoring; Security-aware culture; AI-driven security
Full text article in PDF:
Copyright information:
Copyright © 2022 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution Liscense 4.0