Metrics-driven DevSecOps

Wissam Mallouli, Ana Cavalli, Alessandra Bagnato, Edgardo Montes de Oca


Because of the modern iterative development practices and the new automated software engineering tools and methods introduced by the DevOps agile method, traditional metrics and evaluation methods are no longer enough to ensure software security. Moreover, recent years have seen some of the most sustained and severe software security attacks ever recorded against organizations across a wide range of industries. Security is now a broad field and critical to business success. Existing metrics must be redefined, and new security metrics should be derived from multiple measures to increase the reliability of their values. Because of the short cycles of iterative processes in the DevOps method, feedback must arrive quickly, so measurement should be automated and continuous. Because of the massive amount of information produced, results must be visualized at a suitable level of abstraction, which may differ for the various stakeholders. In this paper, we propose a metric-driven approach to help improve software engineering processes by increasing the quality, adaptability and security of software while decreasing costs and time-to-market.


Paper Citation