Product Incremental Security Risk Assessment using DevSecOps Practices
A Yautsiukhin (co-first author; Writing – Original Draft Preparation); G Iadarola (co-last author; Software); F Martinelli (co-last author; Supervision)
2022
Abstract
Security risk assessment is often a heavy manual process, making it expensive to perform. DevOps, which aims at improving software quality and speed of delivery, as well as DevSecOps, which augments DevOps with the automation of security activities, provide tools and procedures to automate the risk assessment. We propose a solution to integrate risk assessment with the DevSecOps activities and processes in order to make the risk assessment more continuous and automated. The solution is illustrated on a use case where a firewall is updated on robot vehicles while risk assessment is done in an iterative manner. This approach aims at making assessment (and certification such as EUCC) processes easier.

File | Size | Format
---|---|---
prod_474286-doc_193424.pdf (authorized users only). Description: Product Incremental Security Risk Assessment using DevSecOps Practices. Type: Pre-print document. License: Creative Commons | 702.71 kB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.