![]() Program Managers-The DevSecOps Pipeline Can Provide Actionable Data by Julie Cohen and Bill Nichols In this webcast, Tim Chick discusses how using a DevSecOps model can be built using MBSE. While builders of embedded and distributed systems want to achieve the flexibility and speed expected when applying DevSecOps, reference material and a repeatable defensible process are needed to confirm that a given DevSecOps pipeline is implemented in a secure, safe, and sustainable way. ![]() An assurance case can be used to show the adequacy of the model for both the pipeline and the embedded or distributed system. Using model-based systems engineering (MBSE), a DevSecOps model can be built that considers system assurance and enables organizations to design and execute a fully integrated DevSecOps strategy in which stakeholder needs are addressed with cybersecurity in all aspects of the DevSecOps pipeline. ![]() Thus, many enterprises are concerned that DevSecOps pipeline weaknesses can be abused to inject exploitable vulnerabilities into their products and services. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to grow by incorporating segments of the development environment. Understanding and articulating cybersecurity risk is hard. Read the white paper.ĭoes Your DevSecOps Pipeline Only Function as Intended? by Timothy Chick In this paper, we discuss some of these potential research areas. By focusing on these areas, organizations in government, academia, and industry can collaborate to develop solutions that streamline and accelerate ongoing ZTA transformation efforts. ![]() At the event, attendees focused on how federal agencies with limited resources can implement a zero-trust architecture (ZTA) that adheres to executive orders M-22-009 and M-21-31, both of which address federal cybersecurity measures.ĭuring these discussions, participants identified ZT-related issues that could benefit from additional research. In August 2022, the SEI hosted Zero Trust Industry Day 2022 to enable industry stakeholders to share information about implementing zero trust (ZT). Zero Trust Industry Day 2022: Areas of Future Research by Matthew Nicolai, Trista Polaski, and Timothy Morrow This post includes a listing of each publication, author(s), and links where they can be accessed on the SEI website. These publications highlight the latest work of SEI technologists in these areas. As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recent publications from the SEI in the areas of zero trust, DevSecOps, safety-critical systems, software resilience, and cloud adoption. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |