On DevSecOps and Risk Management in Critical Infrastructures: Practitioners' Insights on Needs and Goals
Chapter, Peer reviewed
Published version

Date: 2024
Original version
Esnoul, C., Jee, E., Huynh Minh Le, T., Babar, A. N., Colomo-Palacios, R. and Rashid, A. (Eds.). (2024). EnCyCriS/SVM '24: Proceedings of the 2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and 2024 IEEE/ACM Second International Workshop on Software Vulnerability. ACM. DOI: 10.1145/3643662.3643954

Abstract
Risk management is essential for ensuring the sustained viability of organizations over the long term. It plays a pivotal role in business by helping identify potential threats and vulnerabilities, enabling well-informed decision-making. Within the context of critical infrastructures (CIs), it takes on even greater significance. DevSecOps is an innovative approach to bolstering the security of software applications. This approach is being heralded as a transformative solution that encourages the adoption of robust security practices, reduces risk, and ensures uninterrupted business continuity. This qualitative study explores the needs and goals of implementing DevSecOps in CIs from the perspective of DevOps practitioners, developers, and security experts. Findings show that the relevance of DevSecOps in CIs emerges from the need for proactive work, increased efficiency, automation, monitoring mechanisms, security, and outstanding products and services. Findings also identify the goals of establishing a stronger market presence, increasing revenues, and maintaining a leading position in the market. The study provides valuable insights on DevSecOps in risk management that can potentially encourage the adoption of DevSecOps and guide practitioners interested in leveraging the inherent benefits of this approach in the context of CIs.