Adopting DevOps means increased collaboration between development and operations teams and faster release cycles through a shift to automation. Using Dev Ops brings with it several advantages in the development of software. Security, however, is often neglected in DevOps due to the fast release cycle. Therefore Dev Sec Ops has emerged as an extension to DevOps that attempts to integrate security with Dev Ops practices, which is not without its challenges. DevOps, and by extension Dev Sec Ops, represents a significant change in the culture, tooling, and processes used in software development. Therefore, when implementing DevSecOps, teams and their organizations need to be aware of the challenges it brings and how to address those challenges for a DevSecOps implementation to be effective. Literature on DevSecOps exists that outlines practices and principles to do this. This paper uses a grounded theory approach to do a systematic literature review of academic literature to find the factors that contribute to an effective DevSecOps implementation. It attempts to reconcile the challenges of DevSecOps with ways of mitigating them and the advantages that a DevSecOps implementation can bring. The paper thus outlines methods of effectively implementing DevSecOps as described in academic literature.
Software security patch management—A systematic literature review of challenges, approaches, tools and practices
