DevOps in an ISO 13485 Regulated Environment

Lie, Martin Forsberg; Sánchez‐Gordón, Mary; Colomo‐Palacios, Ricardo

doi:10.1145/3382494.3410679

Cited by 13 publications

(5 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The answers we gathered for this question surprised us. Indeed, security standards are a staple element of industries and organisations that want to impose and guarantee a certain level of security on their members and collaborators (often also for certification purposes – Stewart, Chapple & Gibson, 2012 , Lie, Sánchez-Gordón & Colomo-Palacios, 2020 ). Despite their widespread use in practice, only 7 publications mention security standards.…”

Section: Review Resultsmentioning

confidence: 99%

Microservice security: a systematic literature review

Berardi

Giallorenzo

Mauro

et al. 2022

PeerJ Computer Science

View full text Add to dashboard Cite

Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus: it is spread over many venues and composed of contributions mainly addressing specific scenarios or needs. In this work, we conduct a systematic review of the field, gathering 290 relevant publications—at the time of writing, the largest curated dataset on the topic. We analyse our dataset along two lines: (a) quantitatively, through publication metadata, which allows us to chart publication outlets, communities, approaches, and tackled issues; (b) qualitatively, through 20 research questions used to provide an aggregated overview of the literature and to spot gaps left open. We summarise our analyses in the conclusion in the form of a call for action to address the main open challenges.

show abstract

Section: Review Resultsmentioning

confidence: 99%

Microservice security: a systematic literature review

Berardi

Giallorenzo

Mauro

et al. 2022

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…It can also be understood as a conglomerate or amalgam of these, which is characterized by breaking down the walls that obstruct and separate the development of operations, in order to direct them to common goals based on collaboration and continuous improvements [14]. DevOps can be understood as a culture and philosophy for a successful organization [15,16]. Such a culture allows the reduction in delivery time in each development flow and, in addition, ensures the quality of the development, demonstrating the benefits in the data record in a detailed way.…”

Section: Methods and Analysismentioning

confidence: 99%

DevOps as a culture of interaction and deployment in an insurance company.

Melgar¹

2021

TURCOMAT

View full text Add to dashboard Cite

This study provides the contributions of the implementation and development of DevOps in the integration and deployment of software in the organization due to problems previously detected regarding the speed and quality of reports. The arguments assumed from a DevOps culture, respond to: techniques and practices of continuous integration, continuous deployment, test automation, collaboration, automation, measurement and monitoring; these facts, was thanks to the implementation of the pre-experimental research design of applied type, in a sample of 48 weekly sprints, with a total of 96 user stories of the project taken from the organization. The study allowed to demonstrate the decrease of the Cycletime of days on average, increase the frequency of code release and increase the percentage of attention ratio, based on these results, it was possible to demonstrate the improvement of the speed during the deployment and quality of software processes, these results were thanks to the adoption of DevOps as a culture of interaction and deployment in an organization in the insurance sector.

show abstract

“…Compliance is one of the identified aspects besides the DevSecOps definition, security best practices, process automation, tools for DevSecOps, software configuration, team collaboration, availability of activity data, and information secrecy. Lie et al [55] carried out a Multivocal Literature Review (MLR) to identify the regulatory compliance of DevOps in a regulated medical device context. They concluded that DevOps for such a context is a highly appealing approach and noted specific contradictions between DevOps and IEC 62304 medical device software.…”

Section: Related Workmentioning

confidence: 99%

Holding on to Compliance While Adopting DevSecOps: An SLR

et al. 2022

Self Cite

View full text Add to dashboard Cite

The software industry has witnessed a growing interest in DevSecOps due to the premises of integrating security in the software development lifecycle. However, security compliance cannot be disregarded, given the importance of adherence to regulations, laws, industry standards, and frameworks. This study aims to provide an overview of compliance aspects in the context of DevSecOps and explore how compliance is ensured. Furthermore, this study reveals the trends of compliance according to the extant literature and identifies potential directions for further research in this context. Therefore, we carried out a systematic literature review on the integration of compliance aspects in DevSecOps, which rigorously followed the guidelines proposed by Kitchenham and Charters. We found 934 articles related to the topic by searching five bibliographic databases (163) and Google Scholar (771). Through a rigorous selection process, we selected 15 papers as primary studies. Then, we identified the compliance aspects of DevSecOps and grouped them into three main categories: compliance initiation, compliance management, and compliance technicalities. We observed a low number of studies; therefore, we encourage further efforts into the exploration of compliance aspects, their automated integration, and the development of metrics to evaluate such a process in the context of DevSecOps.

show abstract

DevOps in an ISO 13485 Regulated Environment

Cited by 13 publications

References 14 publications

Microservice security: a systematic literature review

Microservice security: a systematic literature review

DevOps as a culture of interaction and deployment in an insurance company.

Holding on to Compliance While Adopting DevSecOps: An SLR

Contact Info

Product

Resources

About