{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,12]],"date-time":"2025-05-12T13:28:26Z","timestamp":1747056506068,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030641474"},{"type":"electronic","value":"9783030641481"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-64148-1_27","type":"book-chapter","created":{"date-parts":[[2020,11,20]],"date-time":"2020-11-20T15:11:27Z","timestamp":1605885087000},"page":"434-452","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Integration of Security Standards in DevOps Pipelines: An Industry Case Study"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0535-1371","authenticated-orcid":false,"given":"Fabiola","family":"Moy\u00f3n","sequence":"first","affiliation":[]},{"given":"Rafael","family":"Soares","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2725-7629","authenticated-orcid":false,"given":"Maria","family":"Pinto-Albuquerque","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0619-6027","authenticated-orcid":false,"given":"Daniel","family":"Mendez","sequence":"additional","affiliation":[]},{"given":"Kristian","family":"Beckers","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,11,21]]},"reference":[{"key":"27_CR1","unstructured":"Allspaw, J., Hammond, P.: 10+ deploys per day: dev and ops cooperation at Flickr. In: Velocity: Web Performance and Operations Conference. O\u2019Reilly (2009)"},{"key":"27_CR2","unstructured":"Beck, K., et al.: Manifesto for agile software development (2001)"},{"key":"27_CR3","doi-asserted-by":"publisher","DOI":"10.1201\/9781315154855","volume-title":"Empirical Research for Software Security: Foundations and Experience","author":"L Ben Othmane","year":"2017","unstructured":"Ben Othmane, L., Jaatun, M.G., Weippl, E.: Empirical Research for Software Security: Foundations and Experience. CRC Press, Boca Raton (2017)"},{"key":"27_CR4","unstructured":"Bird, J.: Security as code: security tools and practices in continuous delivery, Chap. 4, pp. 32\u201336. O\u2019Reilly Media, Incorporated (2016)"},{"key":"27_CR5","unstructured":"DORA: Accelerate: State of DevOps (2019). https:\/\/services.google.com\/fh\/files\/misc\/state-of-devops-2019.pdf"},{"key":"27_CR6","unstructured":"Gartner: 10 things to get right for successful DevSecOps (2017). https:\/\/www.gartner.com\/en\/documents\/3811369\/10-things-to-get-right-for-successful-devsecops"},{"key":"27_CR7","volume-title":"Hands-On Security in DevOps: Ensure Continuous Security, Deployment, and Delivery with DevSecOps","author":"THC Hsu","year":"2018","unstructured":"Hsu, T.H.C.: Hands-On Security in DevOps: Ensure Continuous Security, Deployment, and Delivery with DevSecOps. Packt Publishing Ltd., Birmingham (2018)"},{"key":"27_CR8","volume-title":"Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation","author":"J Humble","year":"2010","unstructured":"Humble, J., Farley, D.: Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation. Pearson Education, London (2010)"},{"key":"27_CR9","unstructured":"IEC: 61508 - functional safety. International Electrotechnical Commission (2010)"},{"key":"27_CR10","unstructured":"(IEC): IEC 62443-4-1. Security for industrial automation and control systems Part 4-1 Product security development life-cycle requirements (2018)"},{"key":"27_CR11","unstructured":"ISO: 26262 - road vehicles \u2013 functional safety. International Standards Organization (2011)"},{"key":"27_CR12","doi-asserted-by":"crossref","unstructured":"Jaatun, M.G., Cruzes, D.S., Luna, J.: DevOps for better software security in the cloud invited paper. In: Proceedings of the 12th ARES. ACM, New York (2017)","DOI":"10.1145\/3098954.3103172"},{"key":"27_CR13","doi-asserted-by":"crossref","unstructured":"Jabbari, R., bin Ali, N., Petersen, K., Tanveer, B.: What is DevOps?: a systematic mapping study on definitions and practices. In: Proceedings of Workshop XP. ACM, USA (2016)","DOI":"10.1145\/2962695.2962707"},{"key":"27_CR14","volume-title":"The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win","author":"G Kim","year":"2018","unstructured":"Kim, G., Behr, K., Spafford, G.: The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win. IT Revolution Press, Portland (2018)"},{"key":"27_CR15","volume-title":"The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations","author":"G Kim","year":"2016","unstructured":"Kim, G., Humble, J., Debois, P., Willis, J.: The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations. IT Revolution Press, Portland (2016)"},{"key":"27_CR16","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1016\/j.infsof.2018.01.011","volume":"97","author":"T Laukkarinen","year":"2018","unstructured":"Laukkarinen, T., Kuusinen, K., Mikkonen, T.: Regulated software meets DevOps. Inf. Softw. Technol. 97, 176\u2013178 (2018)","journal-title":"Inf. Softw. Technol."},{"key":"27_CR17","doi-asserted-by":"crossref","unstructured":"Leite, L., Rocha, C., Kon, F., Milojicic, D., Meirelles, P.: A survey of DevOps concepts and challenges, vol. 52. Association for Computing Machinery, New York (2019)","DOI":"10.1145\/3359981"},{"key":"27_CR18","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1007\/978-3-319-18612-2_19","volume-title":"Agile Processes, in Software Engineering, and Extreme Programming","author":"LE Lwakatare","year":"2015","unstructured":"Lwakatare, L.E., Kuvaja, P., Oivo, M.: Dimensions of DevOps. In: Lassenius, C., Dings\u00f8yr, T., Paasivaara, M. (eds.) XP 2015. LNBIP, vol. 212, pp. 212\u2013217. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-18612-2_19"},{"key":"27_CR19","doi-asserted-by":"crossref","unstructured":"Michener, J.R., Clager, A.T.: Mitigating an oxymoron: compliance in a DevOps environments. In: 2016 IEEE 40th COMPSAC, vol. 1, pp. 396\u2013398 (2016)","DOI":"10.1109\/COMPSAC.2016.155"},{"key":"27_CR20","doi-asserted-by":"crossref","unstructured":"Mohan, V., Othmane, L.B.: SecDevOps: is it a marketing buzzword?-mapping research on security in DevOps. In: 11th ARES, pp. 542\u2013547. IEEE (2016)","DOI":"10.1109\/ARES.2016.92"},{"key":"27_CR21","unstructured":"Morales, J., Turner, R., Miller, S., Capell, P., Place, P., Shepard, D.: Guide to implementing DevSecOps for a system of systems in highly regulated environments. Technical report, CMU\/SEI-2020-TR-002. SEI, Carnegie Mellon University, Pittsburgh, PA (2020)"},{"key":"27_CR22","doi-asserted-by":"crossref","unstructured":"Moy\u00f3n, F., Beckers, K., Klepper, S., Lachberger, P., Bruegge, B.: Towards continuous security compliance in agile software development at scale. In: Proceedings of RCoSE. ACM (2018)","DOI":"10.1145\/3194760.3194767"},{"key":"27_CR23","series-title":"Agile Software Development Series","volume-title":"Lean Software Development: An Agile Toolkit","author":"M Poppendieck","year":"2003","unstructured":"Poppendieck, M., Poppendieck, T.: Lean Software Development: An Agile Toolkit. Agile Software Development Series. Pearson Education, London (2003)"},{"key":"27_CR24","unstructured":"SANS: SANS secure DevOps toolchain and securing web application technologies checklist (2018)"},{"key":"27_CR25","doi-asserted-by":"crossref","unstructured":"Shahin, M., Babar, M.A., Zhu, L.: Continuous integration, delivery and deployment: a systematic review on approaches, tools, challenges and practices. IEEE (2017)","DOI":"10.1109\/ACCESS.2017.2685629"},{"key":"27_CR26","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-84800-044-5","volume-title":"Guide to Advanced Empirical Software Engineering","author":"F Shull","year":"2007","unstructured":"Shull, F., Singer, J., Sj\u00f8berg, D.I.: Guide to Advanced Empirical Software Engineering. Springer, London (2007). https:\/\/doi.org\/10.1007\/978-1-84800-044-5"},{"key":"27_CR27","unstructured":"Sonatype: DevSecOps community survey 2019 (2019)"},{"key":"27_CR28","doi-asserted-by":"crossref","unstructured":"Ur Rahman, A.A., Williams, L.: Software security in DevOps: synthesizing practitioners\u2019 perceptions and practices. In: Proceedings of International Workshop CSED. ACM, USA (2016)","DOI":"10.1145\/2896941.2896946"},{"key":"27_CR29","unstructured":"Wagner, S., Fern\u00e1ndez, D.M., Felderer, M., Graziotin, D., Kalinowski, M.: Challenges in survey research. ArXiv abs\/1908.05899 (2019)"},{"key":"27_CR30","doi-asserted-by":"crossref","unstructured":"Yasar, H.: Implementing secure DevOps assessment for highly regulated environments. In: Proceedings of the 12th ARES. ACM, USA (2017)","DOI":"10.1145\/3098954.3105819"},{"issue":"4","key":"27_CR31","doi-asserted-by":"publisher","first-page":"39","DOI":"10.4018\/IJSSE.2016100103","volume":"7","author":"H Yasar","year":"2016","unstructured":"Yasar, H., Kontostathis, K.: Where to integrate security practices on DevOps platform. Int. J. Secur. Softw. Eng. 7(4), 39\u201350 (2016)","journal-title":"Int. J. Secur. Softw. Eng."}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-64148-1_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T12:27:40Z","timestamp":1619267260000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-64148-1_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030641474","9783030641481"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-64148-1_27","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"21 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PROFES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Product-Focused Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Turin","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"profes2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/softeng.polito.it\/profes2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"68","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to COVID-19 pandemic the conference was held virtually","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}