Skip to main content
SpringerLink
Log in

DevSecOps Metrics

  • Conference paper
  • First Online:
Information Systems: Research, Development, Applications, Education (SIGSAND/PLAIS 2019)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 359))

Included in the following conference series:

Abstract

DevSecOps is an emerging paradigm that breaks the Security Team Silo into the DevOps Methodology and adds security practices to the Software Development Cycle (SDL). Security practices in SDL are important to avoid data breaches, guarantee compliance with the law and is an obligation to protect customers data. This study aims to identify metrics teams can use to measure the effectiveness of DevSecOps methodology implementation inside organizations. To that end, we performed a Multivocal Literature Review (MLR), where we reviewed a selection of grey literature. Several metrics purposed by professionals to monitor DevSecOps were identified and listed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Silva, M., Faustino, J., Pereira, R., Da Silva, M.M.: Productivity gains of DevOps adoption in an IT team: a case study. In: Designing Digitalization, Lund (2018)

    Google Scholar 

  2. Mohan, V., Othmane, L.B.: SecDevOps: is it a marketing buzzword? - mapping research on security in DevOps. In: 11th International Conference on Availability, Reliability and Security (ARES), Salzburg (2016)

    Google Scholar 

  3. Rahman, A.A.U., Williams, L.: Software security in DevOps: synthesizing practitioners perceptions and practices. In: International Workshop on Continuous Software Evolution and Delivery, New York (2016)

    Google Scholar 

  4. Bass, L., Holz, R., Rimba, P., Tran, A.B., Zhu, L.: Securing a deployment pipeline. In: Third International Workshop on Release Engineering, New Jersey (2015)

    Google Scholar 

  5. Myrbakken, H., Colomo-Palacios, R.: DevSecOps: a multivocal literature review. In: Mas, A., Mesquida, A., O’Connor, Rory V., Rout, T., Dorling, A. (eds.) SPICE 2017. CCIS, vol. 770, pp. 17–29. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-67383-7_2

    Chapter  Google Scholar 

  6. Fenton, N., Bieman, J.: Software Metrics. CRC Press, Boca Raton (2015)

    MATH  Google Scholar 

  7. Garousi, V., Michael Felderer, M., Mäntylä, M.V.: The need for multivocal literature reviews in software engineering: complementing systematic literature reviews with grey literature. In: 20th International Conference on Evaluation and Assessment in Software Engineering (EASE 2016), New York (2016)

    Google Scholar 

  8. Elmore, R.F.: Comment on “towards rigor in reviews of multivocal literatures: applying the exploratory case study method”. Rev. Educ. Res. 61, 293–297 (1991)

    Article  Google Scholar 

  9. Smeds, J., Nybom, K., Porres, I.: DevOps: a definition and perceived adoption impediments. In: Lassenius, C., Dingsøyr, T., Paasivaara, M. (eds.) XP 2015. LNBIP, vol. 212, pp. 166–177. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18612-2_14

    Chapter  Google Scholar 

  10. Roche, J.: Adopting DevOps practices in quality assurance. Commun. ACM 56(11), 8–20 (2013)

    Article  Google Scholar 

  11. Bang, S.K., Chung, S., Choh, Y., Dupuis, M.D.: A grounded theory analysis of modern web applications: knowledge, skills, and abilities for DevOps. In: 2nd Annual Conference on Research in Information Technology, New York (2013)

    Google Scholar 

  12. Lwakatare, L.E., Kuvaja, P., Oivo, M.: Dimensions of DevOps. In: Lassenius, C., Dingsøyr, T., Paasivaara, M. (eds.) XP 2015. LNBIP, vol. 212, pp. 212–217. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18612-2_19

    Chapter  Google Scholar 

  13. Virmani, M.: Understanding DevOps & bridging the gap from continuous integration to continuous delivery. In: INTECH 2015, Pontevedra (2015)

    Google Scholar 

  14. Ebert, C., Gallardo, G., Hernantes, J., Serrano, N.: DevOps. IEEE Softw. 33, 94–100 (2016)

    Article  Google Scholar 

  15. Ray, H.T., Vemuri, R., Kantubhukta, H.R.: Toward an automated attack model for red teams. IEEE Secur. Privacy 3(4), 18–25 (2005)

    Article  Google Scholar 

  16. Kitchenham, B.: Procedures for Performing Systematic Reviews, Keele University Technical Report TR/SE-0401. Keele University, Keele (2004)

    Google Scholar 

  17. Chickowski, E.: Seven Winning DevSecOps Metrics Security Should Track, Bitdefender, 1 May 2018. https://businessinsights.bitdefender.com/seven-winning-devsecops-metrics-security-should-track. Accessed 25 Mar 2019

  18. Humphrey, A.: Diving into DevSecOps: Measuring Effectiveness & Success, Armor, 16 January 2018. https://www.armor.com/blog/diving-devsecops-measuring-effectiveness-success/. Accessed 29 Mar 2019

  19. Jerbi, A.: InfoWorld, 13 November 2017. https://www.infoworld.com/article/3237046/kpis-for-managing-and-optimizing-devsecops-success.html. Accessed 25 Mar 2019

  20. Hsu, T.: Hands-On Security in DevOps. Pack Publishing, Birmingham (2018)

    Google Scholar 

  21. Crouch, A.: https://www.agileconnection.com. Agile Connection, 13 December 2017. https://www.agileconnection.com/article/devsecops-incorporate-security-devops-reduce-software-risk. Accessed 26 Mar 2019

  22. Casey, K.: Enterprisers Project, 19 June 2018. https://enterprisersproject.com/article/2018/6/how-build-strong-devsecops-culture-5-tips?page=1. Accessed 26 Mar 2019

  23. Woodward, S.: BrightTalk, 18 September 2018. https://www.brighttalk.com/webcast/499/333412/devsecops-metrics-approaches-in-2018. Accessed 27 Mar 2019

  24. Vijayan, J.: TechBeacon. https://techbeacon.com/security/6-devsecops-best-practices-automate-early-often. Accessed 1 Apr 2019

  25. Raynaud, F.: DevSecCon, June 2017. https://www.devseccon.com/wp-content/uploads/2017/07/DevSecOps-whitepaper.pdf. Accessed 31 Mar 2019

  26. Paule, C.: Securing DevOps — Detection of Vulnerabilities in CD Pipelines. University of Stuttgart, Stuttgart (2018)

    Google Scholar 

  27. Jose, F.: Effective DevSecops, 3 July 2018. https://medium.com/@fabiojose/effective-devsecops-f22dd023c5cd. Accessed 3 Apr 2019

  28. Rao, M.: Synopsys, 6 July 2017. https://www.synopsys.com/blogs/software-security/devsecops-pipeline-checklist/. Accessed 2 Apr 2019

  29. Romeo, C.: Techbeacon, Microfocus. https://techbeacon.com/devops/3-most-crucial-security-behaviors-devsecops. Accessed 3 Mar 2019

Download references

Author information

Authors and Affiliations

  1. Instituto Universitário de Lisboa (ISCTE-IUL), Lisbon, Portugal

    Luís Prates, João Faustino & Miguel Silva

  2. ISTAR-IUL, Instituto Universitário de Lisboa (ISCTE-IUL), Lisbon, Portugal

    Rúben Pereira

Authors
  1. Luís Prates
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. João Faustino
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Miguel Silva
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Rúben Pereira
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Luís Prates , João Faustino or Rúben Pereira .

Editor information

Editors and Affiliations

  1. Department of Business Informatics, University of Gdansk, Gdansk, Poland

    Stanisław Wrycza

  2. Department of Business Informatics, University of Gdansk, Gdansk, Poland

    Jacek Maślankowski

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Prates, L., Faustino, J., Silva, M., Pereira, R. (2019). DevSecOps Metrics. In: Wrycza, S., Maślankowski, J. (eds) Information Systems: Research, Development, Applications, Education. SIGSAND/PLAIS 2019. Lecture Notes in Business Information Processing, vol 359. Springer, Cham. https://doi.org/10.1007/978-3-030-29608-7_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-29608-7_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29607-0

  • Online ISBN: 978-3-030-29608-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation