On DevSecOps and Risk Management in Critical Infrastructures: Practitioners' Insights on Needs and Goals

Abstract

Risk management is essential for ensuring the sustained viability of organizations over the long term. It plays a pivotal role in business by helping identify potential threats and vulnerabilities, enabling well-informed decision-making. Within the context of critical infrastructures (CIs), it takes on even greater significance. DevSecOps is an innovative approach to bolstering the security of software applications. This approach is being heralded as a transformative solution that encourages the adoption of robust security practices, reduces risk, and ensures uninterrupted business continuity. This qualitative study explores the needs and goals of implementing DevSecOps in CIs from the perspective of DevOps, developers, and security experts. Findings show that the relevance of DevSecOps in CIs emerges from the need for proactive work, increased efficiency, automation, monitoring mechanisms, security, and outstanding products and services. Findings also identify the goals for establishing a stronger market presence, increasing revenues, and maintaining a leading position in the market. The study provides valuable insights on DevSecOps in risk management that can potentially encourage the adoption of DevSecOps and guide practitioners interested in leveraging the inherent benefits of this approach in the context of CIs.