首页|Management of DevSecOps Process: An Empirical Investigation

Management of DevSecOps Process: An Empirical Investigation

扫码查看
原文链接
  • NETL
  • NSTL
  • Wiley
Context: DevSecOps integrates security into the DevOps project lifecycle, uniting development, operations, and security practices. This integration, while beneficial for developing secure software, introduces complexity from a project management perspective. This study delves into this complexity by examining the 10 knowledge areas of the Project Management Body of Knowledge (PMBOK) within the context of DevSecOps project management. Objective: This study aims to explore and understand the application of PMBOK's 10 knowledge areas in managing DevSecOps projects, focusing on the guidelines that are important to consider in integration of security practices throughout the development lifecycle. Method: Our research approach involved two phases: Firstly, we developed a theoretical model grounded in DevSecOps guidelines identified from existing literature. Secondly, we conducted a quantitative survey targeting industry practitioners to gather insights into the practical application of the theoretical model. The study involved 138 responses from professionals, which were subsequently analyzed using correlation and Partial Least Squares (PLS) analysis to test the hypotheses posited in the theoretical model. Results: The analysis reveals critical insights into the management of DevSecOps projects, highlighting the importance of adhering to specific guidelines to navigate the complexities introduced by the integration of security practices. The empirical data support the theoretical model, underscoring the relevance of PMBOK's knowledge areas in the successful management of DevSecOps projects. Conclusion: For organizations committed to the DevSecOps paradigm, it is imperative to consider and implement the identified guidelines. These guidelines not only support the sustainable integration of security practices into DevOps projects but also contribute to the overall success and security of the software developed under this paradigm.

DevOpsDevSecOpsempirical investigationsguidelines

Muhammad Azeem Akbar、Arif Ali Khan、Sajjad Mahmood、Sami Hyrynsalmi

展开 >

Department of Software Engineering, LUT University, Lappeenranta, Finland

M3S Empirical Software Engineering Research Unit, University of Oulu, Oulu, Finland

Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia

2025

10.1002/spe.3419

Software, practice & experience

Software, practice & experience

ISSN:0038-0644
年,卷(期):2025.55(7)
  • 112