{"id":"https://openalex.org/W7116932885","doi":"https://doi.org/10.1145/3727967.3756844","title":"Embedding Security Practices into Taxonomy of DevOps Practices","display_name":"Embedding Security Practices into Taxonomy of DevOps Practices","publication_year":2025,"publication_date":"2025-06-17","ids":{"openalex":"https://openalex.org/W7116932885","doi":"https://doi.org/10.1145/3727967.3756844"},"language":null,"primary_location":{"id":"doi:10.1145/3727967.3756844","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756844","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3727967.3756844?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3727967.3756844?download=true","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5112398329","display_name":"Mohammad Shameem","orcid":null},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":true,"raw_author_name":"Mohammad Shameem","raw_affiliation_strings":["Interdisciplinary Research Center for Intelligent Secure Systems, KFUPM, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0002-6055-5345","affiliations":[{"raw_affiliation_string":"Interdisciplinary Research Center for Intelligent Secure Systems, KFUPM, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055298803","display_name":"MAHMOOD NIAZI","orcid":null},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Mahmood Niazi","raw_affiliation_strings":["Department of Information and Computer Science, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-7318-7644","affiliations":[{"raw_affiliation_string":"Department of Information and Computer Science, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007816848","display_name":"Sajjad Mahmood","orcid":"https://orcid.org/0000-0001-5786-5118"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Sajjad Mahmood","raw_affiliation_strings":["Department of Information and Computer Science, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-5786-5118","affiliations":[{"raw_affiliation_string":"Department of Information and Computer Science, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5121023800","display_name":"Mohammad Nadeem","orcid":null},"institutions":[{"id":"https://openalex.org/I171210897","display_name":"Aligarh Muslim University","ror":"https://ror.org/03kw9gc02","country_code":"IN","type":"education","lineage":["https://openalex.org/I171210897"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Mohammad Nadeem","raw_affiliation_strings":["Computer Science Department, Aligarh Muslim University, Aligarh, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0003-3664-5014","affiliations":[{"raw_affiliation_string":"Computer Science Department, Aligarh Muslim University, Aligarh, Saudi Arabia","institution_ids":["https://openalex.org/I171210897"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5112398329"],"corresponding_institution_ids":["https://openalex.org/I134085113"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.7332841,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"22","last_page":"27"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.8310999870300293,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.8310999870300293,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.05009999871253967,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.04479999840259552,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/devops","display_name":"DevOps","score":0.9919999837875366},{"id":"https://openalex.org/keywords/information-technology-operations","display_name":"Information technology operations","score":0.5264000296592712},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4514000117778778},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.4253000020980835},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.40779998898506165}],"concepts":[{"id":"https://openalex.org/C9903902","wikidata":"https://www.wikidata.org/wiki/Q3025536","display_name":"DevOps","level":3,"score":0.9919999837875366},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.54830002784729},{"id":"https://openalex.org/C43645609","wikidata":"https://www.wikidata.org/wiki/Q60750670","display_name":"Information technology operations","level":3,"score":0.5264000296592712},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4514000117778778},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.4253000020980835},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.40779998898506165},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.3937000036239624},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37139999866485596},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.34369999170303345},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.3400000035762787},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.33889999985694885},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3163999915122986},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.2976999878883362},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.2865999937057495},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2718000113964081},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.26989999413490295}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3727967.3756844","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756844","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3727967.3756844?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3727967.3756844","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756844","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3727967.3756844?download=true","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.40573620796203613,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7116932885.pdf","grobid_xml":"https://content.openalex.org/works/W7116932885.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W2341476702","https://openalex.org/W2503060256","https://openalex.org/W2884277236","https://openalex.org/W2943781272","https://openalex.org/W2973070838","https://openalex.org/W3003435446","https://openalex.org/W3004502531","https://openalex.org/W3015725325","https://openalex.org/W3019735872","https://openalex.org/W3112329866","https://openalex.org/W3161506204","https://openalex.org/W3193600109","https://openalex.org/W3202451838","https://openalex.org/W3206131751","https://openalex.org/W4210983824","https://openalex.org/W4214532693","https://openalex.org/W4295136820","https://openalex.org/W4313271846","https://openalex.org/W4380568649","https://openalex.org/W4387805142"],"related_works":[],"abstract_inverted_index":{"DevOps":[0,33,55,64,74,97,113,152,159],"practices\u2019":[1],"emergence":[2],"into":[3,31],"software":[4,135],"development":[5,13,136],"has":[6],"revolutionized":[7],"efficiency":[8],"and":[9,65,83,115],"agility":[10],"in":[11,52,134],"the":[12,25,32,47,53,73,103,147,151],"lifecycle.":[14,75],"However,":[15],"as":[16,41],"organizations":[17],"adopt":[18],"DevOps,":[19],"there":[20],"is":[21,50],"growing":[22],"acceptance":[23],"of":[24,93,150],"imperative":[26,51],"to":[27,62,68],"integrate":[28,63],"security":[29,36,66,70,85,117,143],"practices":[30,37,67,99,118,144],"workflow.":[34],"Traditionally,":[35],"were":[38,100,119],"often":[39],"implemented":[40],"standalone":[42],"processes,":[43],"but":[44],"integration":[45],"across":[46],"entire":[48],"pipeline":[49],"fast-paced":[54],"environment.":[56],"This":[57],"research":[58],"proposes":[59],"a":[60,109,122,128],"methodology":[61],"embed":[69],"seamlessly":[71],"throughout":[72],"Our":[76],"approach":[77],"focuses":[78],"on":[79,107],"selecting,":[80],"assessing":[81],"compatibility,":[82],"incorporating":[84],"practices.":[86,94,160],"First,":[87],"we":[88,139],"identify":[89],"two":[90],"distinct":[91,148],"categories":[92],"The":[95],"nineteen":[96],"Security":[98],"drawn":[101],"from":[102,121],"prior":[104],"studies":[105],"focused":[106],"developing":[108],"framework":[110,129],"for":[111,130],"implementing":[112],"practices,":[114],"eighteen":[116],"chosen":[120],"previous":[123],"study":[124],"aimed":[125],"at":[126],"constructing":[127],"successful":[131],"DevSecOps":[132],"operation":[133],"organizations.":[137],"Moreover,":[138],"also":[140],"integrated":[141],"ten":[142],"distributed":[145],"among":[146],"phases":[149],"lifecycle":[153],"that":[154],"are":[155],"highly":[156],"compatible":[157],"with":[158]},"counts_by_year":[],"updated_date":"2026-03-07T13:37:22.277990","created_date":"2025-12-23T00:00:00"}