Security practices in DevOps

Akond Rahman and Laurie Williams in 4th Annual Hot Topics in the Science of Security (HoTSoS) Symposium, 2016 Pre-print

DevOps focuses on collaboration between different teams in an organization to achieve rapid deployment of software and services to end-users by automating the software delivery infrastructure. Software practitioners can benefit from a study that investigates the security practices that organizations adopting DevOps use to integrate security into their organization. In our study, we focus on identifying the security practices that can be used, and are actually in use, to integrate security in DevOps. We identified 10 non-automated security activities. We observe a certain level of consensus between the non-automated security activities stated in Internet artifacts and the security activities that are actually in use within DevOps organizations. We also observe that security awareness is prevalent among established DevOps organizations, considering their use of security activities such as performing security policies, performing manual security tests, and performing security configurations.