{"id":"https://openalex.org/W2909208148","doi":"https://doi.org/10.4018/ijsssp.2018010102","title":"Weaving Security into DevOps Practices in Highly Regulated Environments","display_name":"Weaving Security into DevOps Practices in Highly Regulated Environments","publication_year":2018,"publication_date":"2018-01-01","ids":{"openalex":"https://openalex.org/W2909208148","doi":"https://doi.org/10.4018/ijsssp.2018010102","mag":"2909208148"},"language":"en","primary_location":{"id":"doi:10.4018/ijsssp.2018010102","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijsssp.2018010102","pdf_url":null,"source":{"id":"https://openalex.org/S4210212113","display_name":"International Journal of Systems and Software Security and Protection","issn_l":"2640-4265","issn":["2640-4265","2640-4273"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Systems and Software Security and Protection","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048340882","display_name":"Jose Andre Morales","orcid":"https://orcid.org/0000-0001-7177-8192"},"institutions":[{"id":"https://openalex.org/I114772536","display_name":"Software Engineering Institute","ror":"https://ror.org/01xqjjn94","country_code":"US","type":"facility","lineage":["https://openalex.org/I114772536","https://openalex.org/I74973139"]},{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jose Andre Morales","raw_affiliation_strings":["Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA","institution_ids":["https://openalex.org/I114772536","https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103116017","display_name":"Hasan Ya\u015far","orcid":"https://orcid.org/0009-0006-9274-1202"},"institutions":[{"id":"https://openalex.org/I114772536","display_name":"Software Engineering Institute","ror":"https://ror.org/01xqjjn94","country_code":"US","type":"facility","lineage":["https://openalex.org/I114772536","https://openalex.org/I74973139"]},{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hasan Yasar","raw_affiliation_strings":["Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA","institution_ids":["https://openalex.org/I114772536","https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071324069","display_name":"Aaron Volkmann","orcid":null},"institutions":[{"id":"https://openalex.org/I114772536","display_name":"Software Engineering Institute","ror":"https://ror.org/01xqjjn94","country_code":"US","type":"facility","lineage":["https://openalex.org/I114772536","https://openalex.org/I74973139"]},{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Aaron Volkmann","raw_affiliation_strings":["Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Software Engineering Institute, Carnegie Mellon University, Pittsburgh, USA","institution_ids":["https://openalex.org/I114772536","https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.4113,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.74914881,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"9","issue":"1","first_page":"18","last_page":"46"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9929999709129333,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/devops","display_name":"DevOps","score":0.9785997867584229},{"id":"https://openalex.org/keywords/systems-development-life-cycle","display_name":"Systems development life cycle","score":0.7025722861289978},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5785639882087708},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5640515685081482},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.42933332920074463},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.40582215785980225},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.40135231614112854},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.36576324701309204},{"id":"https://openalex.org/keywords/software-development-process","display_name":"Software development process","score":0.3285630941390991},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3189898133277893},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.20460006594657898},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.13175448775291443},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.06804594397544861}],"concepts":[{"id":"https://openalex.org/C9903902","wikidata":"https://www.wikidata.org/wiki/Q3025536","display_name":"DevOps","level":3,"score":0.9785997867584229},{"id":"https://openalex.org/C120617098","wikidata":"https://www.wikidata.org/wiki/Q559486","display_name":"Systems development life cycle","level":5,"score":0.7025722861289978},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5785639882087708},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5640515685081482},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.42933332920074463},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.40582215785980225},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40135231614112854},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.36576324701309204},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.3285630941390991},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3189898133277893},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.20460006594657898},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.13175448775291443},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.06804594397544861}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.4018/ijsssp.2018010102","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijsssp.2018010102","pdf_url":null,"source":{"id":"https://openalex.org/S4210212113","display_name":"International Journal of Systems and Software Security and Protection","issn_l":"2640-4265","issn":["2640-4265","2640-4273"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Systems and Software Security and Protection","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","score":0.4300000071525574,"display_name":"Partnerships for the goals"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W157156687","https://openalex.org/W1423289960","https://openalex.org/W1546243928","https://openalex.org/W1847843939","https://openalex.org/W1966973035","https://openalex.org/W1984516631","https://openalex.org/W1984754171","https://openalex.org/W2007395635","https://openalex.org/W2016535328","https://openalex.org/W2021257274","https://openalex.org/W2036894992","https://openalex.org/W2045308044","https://openalex.org/W2046618079","https://openalex.org/W2110385988","https://openalex.org/W2135843413","https://openalex.org/W2136117679","https://openalex.org/W2263636531","https://openalex.org/W2347053969","https://openalex.org/W2406564512","https://openalex.org/W2581988150","https://openalex.org/W2617346435","https://openalex.org/W2621143560","https://openalex.org/W2753691335","https://openalex.org/W2809991056","https://openalex.org/W2900338851","https://openalex.org/W2902510633","https://openalex.org/W2905459693","https://openalex.org/W3122043508","https://openalex.org/W3129240556","https://openalex.org/W3161918289","https://openalex.org/W4230346471"],"related_works":["https://openalex.org/W4292756589","https://openalex.org/W3211439315","https://openalex.org/W2185477997","https://openalex.org/W2186344087","https://openalex.org/W3105511281","https://openalex.org/W2750783989","https://openalex.org/W2187981415","https://openalex.org/W1845068655","https://openalex.org/W4385161849","https://openalex.org/W4210690107"],"abstract_inverted_index":{"In":[0],"this":[1,212],"article,":[2],"the":[3,97,135,148,169,179,198,217,231,237],"authors":[4,180,232],"discuss":[5,197,233],"enhancing":[6],"a":[7,11,22,43,54,61,87,120,156,172,189,202,214,221,244,250],"DevOps":[8,19,52,71,131,158,163,187,203,222,245,253],"implementation":[9,136,164,206,254],"in":[10,36,65,93,119,155,183,207,255],"highly":[12,121],"regulated":[13,122],"environment":[14],"(HRE)":[15],"with":[16,165,213],"security":[17,81,151,166,219,229,251],"principles.":[18],"has":[20],"become":[21],"standard":[23],"option":[24],"for":[25,99],"entities":[26,64,78],"seeking":[27],"to":[28,83,138,236,249],"streamline":[29],"and":[30,49,107,111,185,205,239],"increase":[31],"participation":[32],"by":[33,80],"all":[34,139],"stakeholders":[35],"their":[37,90,234,240],"Software":[38],"Development":[39],"Lifecycle":[40],"(SDLC).":[41],"For":[42,227],"large":[44],"portion":[45],"of":[46,63,89,104,144,150,192,200,216],"industry,":[47],"academia,":[48],"government,":[50],"applying":[51,70],"is":[53,102,117,147,176],"straight":[55],"forward":[56],"process.":[57],"There":[58],"is,":[59],"however,":[60],"subset":[62],"these":[66],"three":[67],"sectors":[68],"where":[69],"can":[72,126],"be":[73],"very":[74],"challenging.":[75],"These":[76],"are":[77],"mandated":[79],"policies":[82,152],"conduct":[84],"all,":[85],"or":[86],"portion,":[88],"SDLC":[91,125,224,238],"activities":[92],"an":[94,100,115,145,161,208,256],"HRE.":[95,209],"Often,":[96],"reason":[98],"HRE":[101,146,170,257],"protection":[103],"intellectual":[105],"property":[106],"proprietary":[108],"tools,":[109],"methods,":[110],"techniques.":[112],"Even":[113],"if":[114],"entity":[116],"functioning":[118],"environment,":[123],"its":[124],"still":[127],"benefit":[128,143,168],"from":[129],"implementing":[130,186],"as":[132,134,171,258],"long":[133],"conforms":[137],"imposed":[140],"policies.":[141],"A":[142],"existence":[149],"that":[153],"belong":[154],"secure":[157],"implementation.":[159,246],"Layering":[160],"existing":[162],"will":[167],"whole.":[173],"This":[174],"work":[175],"based":[177],"on":[178],"extensive":[181],"experience":[182],"assessing":[184],"across":[188],"diverse":[190],"set":[191],"HREs.":[193],"First,":[194],"they":[195],"extensively":[196],"process":[199],"performing":[201],"assessment":[204],"They":[210,247],"follow":[211],"discussion":[215],"needed":[218],"principles":[220],"enhanced":[223,252],"should":[225],"include.":[226],"each":[228],"principle,":[230],"importance":[235],"appropriate":[241],"placement":[242],"within":[243],"refer":[248],"HRE-DevSecOps.":[259]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}