Method for Promoting the Introduction of DevSecOps to Improve Security Quality

  • Conference paper
  • Advances in Networked-based Information Systems (NBiS 2023)

Abstract

With the advancement of IT, the cycle from development to operations in software development is getting faster, and many large companies in particular have adopted DevOps to keep up. Meanwhile, DevSecOps, a development methodology designed to improve the security quality of DevOps, is gaining attention due to the increasing number of security incidents. However, how to adopt DevSecOps is still not understood well enough to maintain an adequate level of security. We therefore developed a method to promote the introduction of DevSecOps for improving security quality in software development. Specifically, we first analyzed the results of several software development exercises by students at the Chiba Institute of Technology to investigate how security features are implemented. Next, we conducted a detailed analysis of these implementations at each stage of the development process to clarify which features should be implemented at each step and to identify guidelines for promoting the adoption of DevSecOps.

Notes

  1. TSF: TOE Security Functionality, TOE: Target of Evaluation.

Author information

Corresponding author: Shigeaki Tanimoto.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Tanimoto, S., Okuwaki, Y., Kato, K., Kounosu, T., Takuma, H., Toyama, M. (2023). Method for Promoting the Introduction of DevSecOps to Improve Security Quality. In: Barolli, L. (eds) Advances in Networked-based Information Systems. NBiS 2023. Lecture Notes on Data Engineering and Communications Technologies, vol 183. Springer, Cham. https://doi.org/10.1007/978-3-031-40978-3_39
