Evolution of Integration, Build, Test, and Release Engineering Into DevOps and to DevSecOps

Software engineering operations in large organizations are primarily comprised of integrating code from multiple branches, building, testing the build, and releasing it. Agile and related methodologies accelerated the software development activities. Realizing the importance of the development and operations teams working closely with each other, the set of practices that automated the engineering processes of software development evolved into DevOps, signifying the close collaboration of both development and operations teams. With the advent of cloud computing and the opening up of firewalls, the security aspects of software started moving into the applications leading to DevSecOps. This chapter traces the journey of the software engineering operations over the last two to three decades, highlighting the tools and techniques used in the process

Agile Requirements Engineering: A systematic literature review

Nowadays, Agile Software Development (ASD) is used to cope with increasing complexity in system development. Hybrid development models, with the integration of User-Centered Design (UCD), are applied with the aim to deliver competitive products with a suitable User Experience (UX). Therefore, stakeholder and user involvement during Requirements Engineering (RE) are essential in order to establish a collaborative environment with constant feedback loops. The aim of this study is to capture the current state of the art of the literature related to Agile RE with focus on stakeholder and user involvement. In particular, we investigate what approaches exist to involve stakeholder in the process, which methodologies are commonly used to present the user perspective and how requirements management is been carried out. We conduct a Systematic Literature Review (SLR) with an extensive quality assessment of the included studies. We identified 27 relevant papers. After analyzing them in detail, we derive deep insights to the following aspects of Agile RE: stakeholder and user involvement, data gathering, user perspective, integrated methodologies, shared understanding, artifacts, documentation and Non-Functional Requirements (NFR). Agile RE is a complex research field with cross-functional influences. This study will contribute to the software development body of knowledge by assessing the involvement of stakeholder and user in Agile RE, providing methodologies that make ASD more human-centric and giving an overview of requirements management in ASD.Ministerio de Economía y Competitividad TIN2013-46928-C3-3-RMinisterio de Economía y Competitividad TIN2015-71938-RED

Intangible trust requirements - how to fill the requirements trust "gap"?

Previous research efforts have been expended in terms of the capture and subsequent instantiation of "soft" trust requirements that relate to HCI usability concerns or in relation to "hard" tangible security requirements that primarily relate to security a ssurance and security protocols. Little direct focus has been paid to managing intangible trust related requirements per se. This 'gap' is perhaps most evident in the public B2C (Business to Consumer) E- Systems we all use on a daily basis. Some speculative suggestions are made as to how to fill the 'gap'. Visual card sorting is suggested as a suitable evaluative tool; whilst deontic logic trust norms and UML extended notation are the suggested (methodologically invariant) means by which software development teams can perhaps more fully capture hence visualize intangible trust requirements

Considerations regarding the agile development of portals

Starting with methodologies, methods and techniques used generally in the development of information systems, a personal approach regarding quick development of portals has been introduced. After a strict theoretical foundation the proposal has been applied within a real collaborative knowledge portal development project. We consider the proposed agile development approach (based on the prototype technique enriched with MDA valences) suitable to all kind of information systems. The agile development framework establishes the life-cycle phases of product development taking into account the desired functionalities.portal, prototype technique, model driven architecture, agile development

AGILE AND SECURE SOFTWARE DEVELOPMENT: AN UNFINISHED STORY

Given the widespread adoption of agile methods and the rising number of software vulnerabilities, we analyze the literature with an interest in the effect of security practices on software development agility. We propose a novel taxonomy to systematize the body of knowledge around secure agile development and then organize and summarize the selected research using the new taxonomy. At a high-level we create two categories, Phase Focused and Phase Independent. The Phase Focused category is then subdivided along the traditional SDLC phases. The Phase Independent category spans all phases of the SDLC or is phase independent. We conclude that, although there is a significant body of literature on the topic, the story is unfinished. There is further investigation needed to ensure agility as secure development practices are adopted and in regard to empirical evaluations of the proposed agile and secure software development integration approaches

An Approach Toward Implementing Continuous Security In Agile Environment

Traditionally, developers design software to accomplish a set of functions and then later add—or do not add—security measures, especially after the prevalence of the agile software development model. Consequently, there is an increased risk of security vulnerabilities that are introduced into the software in various stages of development. To avoid security vulnerabilities, there are many secure software development efforts in the directions of secure software development lifecycle process. The purpose of this thesis is to propose a software security assurance methodology and integrate it into the Msg Life organization’s development lifecycle based on security best practices that fulfill their needs in building secure software applications. Ultimately, the objective adhered to increasing the security maturity level according to the suggested security assurance roadmap and implemented partly in the context of this thesis.Tradicionalmente, os desenvolvedores projetam o software para realizar um conjunto de funções e, posteriormente, adicionam - ou não - medidas de segurança, especialmente após a prevalência do modelo de desenvolvimento ágil de software. Consequentemente, há um risco aumentado de vulnerabilidades de segurança que são introduzidas no software em vários estágios de desenvolvimento. Para evitar vulnerabilidades de segurança, existem muitos esforços no desenvolvimento de software nas direções dos processos do ciclo de vida desse mesmo software. O objetivo desta tese é propor uma metodologia de garantia de segurança de software e integrá-la ao ciclo de vida de desenvolvimento da Msg Life Company, com base nas melhores práticas de segurança que atendem às suas necessidades na criação de aplicativos de software seguros. Por fim, o objetivo aderiu ao aumento do nível de maturidade da segurança de acordo com o roteiro sugerido de garantia de segurança e implementado parcialmente no contexto desta tese

Proceedings of International Workshop "Global Computing: Programming Environments, Languages, Security and Analysis of Systems"

According to the IST/ FET proactive initiative on GLOBAL COMPUTING, the goal is to obtain techniques (models, frameworks, methods, algorithms) for constructing systems that are flexible, dependable, secure, robust and efficient. The dominant concerns are not those of representing and manipulating data efficiently but rather those of handling the co-ordination and interaction, security, reliability, robustness, failure modes, and control of risk of the entities in the system and the overall design, description and performance of the system itself. Completely different paradigms of computer science may have to be developed to tackle these issues effectively. The research should concentrate on systems having the following characteristics: • The systems are composed of autonomous computational entities where activity is not centrally controlled, either because global control is impossible or impractical, or because the entities are created or controlled by different owners. • The computational entities are mobile, due to the movement of the physical platforms or by movement of the entity from one platform to another. • The configuration varies over time. For instance, the system is open to the introduction of new computational entities and likewise their deletion. The behaviour of the entities may vary over time. • The systems operate with incomplete information about the environment. For instance, information becomes rapidly out of date and mobility requires information about the environment to be discovered. The ultimate goal of the research action is to provide a solid scientific foundation for the design of such systems, and to lay the groundwork for achieving effective principles for building and analysing such systems. This workshop covers the aspects related to languages and programming environments as well as analysis of systems and resources involving 9 projects (AGILE , DART, DEGAS , MIKADO, MRG, MYTHS, PEPITO, PROFUNDIS, SECURE) out of the 13 founded under the initiative. After an year from the start of the projects, the goal of the workshop is to fix the state of the art on the topics covered by the two clusters related to programming environments and analysis of systems as well as to devise strategies and new ideas to profitably continue the research effort towards the overall objective of the initiative. We acknowledge the Dipartimento di Informatica and Tlc of the University of Trento, the Comune di Rovereto, the project DEGAS for partially funding the event and the Events and Meetings Office of the University of Trento for the valuable collaboration