Contribute to an international research project for building a body of knowledge on DevOps-driven Security Architectures.
Goals: we want to learn about software architectures that enable and integrate security in a DevOps environment.
Outcomes: practical guidelines to help software organizations to develop, apply, and evaluate a new generation of security architecture solutions in DevOps environments.
Who can help: any software practitioners involved in security, including: software architects, systems architects, security architects, DevOps engineers, infrastructure engineers, software engineers, release engineers, etc.
The results: the results will be analysed and published in peer-reviewed academic journals and also made available in summary to the wider software/IT/DevSecOps community through industry partners.
How you can participate
Take part in the preliminary survey to help set the research direction.
A more comprehensive survey will be open in the near future. Sign up below to receive updates.
As cyber-attacks and cybersecurity requirements grow more complex, building software-intensive systems that are inherently secure (i.e., trustworthy systems) is increasingly challenging. The problem gets worse in the age of DevOps, as development and deployment of software-intensive systems happen at a breakneck pace. Given the widespread industrial interest in DevOps, it is becoming important for practitioners and researchers to understand how, when, and by whom security should be integrated into and practiced in DevOps (e.g., DevSecOps). At the same time, it is claimed that integrating security policies, practices, and measurements early in design (i.e., the architecture of a software system) is critical for establishing secure DevOps (i.e., truly implementing DevSecOps).
With this research project, we want to learn about software architectures that enable and integrate security in a DevOps environment. Here, we refer to this class of software architectures as DevOps-driven security architectures. More concretely, this project aims at providing practical guidelines and tools that help software organizations to develop, apply, and evaluate a new generation of security architecture solutions in DevOps environments.
A conceptual theory of the practitioners’ skills, attitudes, and behaviours in secure DevOps.
A catalogue of architectural security vulnerabilities and corresponding solutions.
A conceptual framework to characterize DevOps-driven security architectures.
A process framework to design and evaluate DevOps-driven security architectures.
A toolset to support the activities of the process framework.
Who can help?
This project will greatly benefit from practitioners who have a broad view of the software development process, including, but not limited to:
(Cyber) Security Engineers/Consultants
Continuous Delivery and Deployment Engineers/Architects/Consultants
Senior Software Engineers/Developers
Operations/Release/Build/Infrastructure Engineers
Research Team: Mojtaba Shahin (Monash University, Australia), Matthew Skelton (Conflux, UK), Peng Liang (Wuhan University, China), Muhammad Waseem (Wuhan University, China), Ali Rezaei Nassab (Sirjan University of Technology, Iran), Simon Maple (Snyk.io)