Software security risk management in DevOps methodology
DOI: https://doi.org/10.20535/tacs.2664-29132021.1.251316
Abstract
It is impossible to discuss cloud technologies, modern applications and digital transformation in general without mentioning security. The same applies to software development, and in particular to the DevOps methodology. DevOps is a software development methodology that focuses on communication, integration and collaboration between IT professionals to ensure rapid product deployment. DevOps practice reflects the idea of continuous improvement and automation, and many of its practices are designed for one or more stages of the development cycle. Three hundred hours spent on software development can be wasted in just 30 seconds if a single defect is detected during operation. This can subsequently ruin the reputation of the whole product, leaving no choice but to remove it from the market. This establishes the importance and necessity of quality control [1].
To ensure the quality of software products during development, risk management should be applied at every stage of the DevOps lifecycle. Implementing DevOps without paying attention to security will certainly increase the risk of attacks. Risk is the occurrence of an uncertain event that positively or negatively affects the measured criteria of project success. Such events may have happened in the past, may be happening now, or may happen in the future. These uncertain events can affect the target, business, technical and qualitative objectives of the project [2].
Main stages of risk management include:
- risk identification;
- risk analysis and assessment;
- risk response;
- risk monitoring and control.
The purpose of the article is to choose a method of risk analysis and assessment for the DevOps methodology. When applying a risk management model in DevOps, it is important to choose the risk assessment method that is optimal for the criteria relevant to DevOps. The authors consider these criteria to be the cost of resources, the time spent, and the accuracy of evaluation. The choice of risk assessment method is therefore an important component of the process of creating secure software. The risk assessment methods PRisMA, PRAM, FMEA, DREAD and FTA are considered in this work.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication, with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).