Security risk assessment is often a heavy manual process, making it expensive to perform. DevOps, that aims at improving software quality and speed of delivery, as well as DevSecOps that augmentsDevOps with the automation of security activities, provide tools and procedures to automate the risk assessment. We propose a solution to integrate risk assessment with the DevSecOps activities and processesin order to make the risk assessment more continuous and automated. The solution is illustrated on a use case where a rewall is updated on robot vehicles while risk assessment is done in an iterative manner. This approach aims at making assessment (and certication such as EUCC) processes easier.

Product Incremental Security Risk Assessment using DevSecOps Practices

A Yautsiukhin
Co-primo
Writing – Original Draft Preparation
;
G Iadarola
Co-ultimo
Software
;
F Martinelli
Co-ultimo
Supervision
;
2022

Abstract

Security risk assessment is often a heavy manual process, making it expensive to perform. DevOps, that aims at improving software quality and speed of delivery, as well as DevSecOps that augmentsDevOps with the automation of security activities, provide tools and procedures to automate the risk assessment. We propose a solution to integrate risk assessment with the DevSecOps activities and processesin order to make the risk assessment more continuous and automated. The solution is illustrated on a use case where a rewall is updated on robot vehicles while risk assessment is done in an iterative manner. This approach aims at making assessment (and certication such as EUCC) processes easier.
2022
Istituto di informatica e telematica - IIT
9783031254598
risk assessment
DevOps
DevSecOps
certification
incremental security
cybersecurity
STRIDE
EUCC
File in questo prodotto:
File Dimensione Formato  
prod_474286-doc_193424.pdf

solo utenti autorizzati

Descrizione: Product Incremental Security Risk Assessment using DevSecOps Practices
Tipologia: Documento in Pre-print
Licenza: Creative commons
Dimensione 702.71 kB
Formato Adobe PDF
702.71 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/444147
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? ND
social impact