SoK: Taxonomy of attacks on open-source software supply chains

P Ladisa, H Plate, M Martinez… - 2023 IEEE Symposium …, 2023 - ieeexplore.ieee.org
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …

Mapping DevOps capabilities to the software life cycle: A systematic literature review

R Amaro, R Pereira, MM da Silva - Information and Software Technology, 2024 - Elsevier
Context: Many IT organizations are looking towards DevOps to make their software
development and delivery processes faster and more reliable, while DevOps revolutionized …

Taxonomy of attacks on open-source software supply chains

P Ladisa, H Plate, M Martinez, O Barais - arXiv preprint arXiv:2204.04008, 2022 - arxiv.org
The widespread dependency on open-source software makes it a fruitful target for malicious
actors, as demonstrated by recurring attacks. The complexity of today's open-source supply …

Characterizing the security of GitHub CI workflows

I Koishybayev, A Nahapetyan, R Zachariah… - 31st USENIX Security …, 2022 - usenix.org
Continuous integration and deployment (CI/CD) has revolutionized software development
and maintenance. Commercial CI/CD platforms provide services for specifying and running …

Cloud-native application security: Risks, opportunities, and challenges in securing the evolving attack surface

M Chernyshev, Z Baig, S Zeadally - Computer, 2021 - ieeexplore.ieee.org
Insecure cloud-native applications (CNAs) will continue to experience security compromises
including data breaches due to their dynamic, complex, and varied threat landscape. We …

Continuous intrusion: Characterizing the security of continuous integration services

Y Gu, L Ying, H Chai, C Qiao, H Duan… - 2023 IEEE Symposium …, 2023 - ieeexplore.ieee.org
Continuous Integration (CI) is a widely-adopted software development practice for
automated code integration. A typical CI workflow involves multiple independent …

P2ISE: preserving project integrity in CI/CD based on secure elements

A Muñoz, A Farao, JRC Correia, C Xenakis - Information, 2021 - mdpi.com
During the past decade, software development has evolved from a rigid, linear process to a
highly automated and flexible one, thanks to the emergence of continuous integration and …

Toward Understanding the Security of Plugins in Continuous Integration Services

X Li, Y Gu, C Qiao, Z Zhang, D Liu, L Ying… - Proceedings of the …, 2024 - dl.acm.org
Mainstream Continuous Integration (CI) platforms have provided the plugin functionality to
accelerate the development of CI pipelines. Unfortunately, CI plugins, which are essentially …

When security meets velocity: Modeling continuous security for cloud applications using DevSecOps

R Kumar, R Goyal - … Technologies and Application: Proceedings of ICIDCA …, 2021 - Springer
In the quest of velocity in time-to-market for the cloud applications, often, the security
requirements are overlooked. It is mainly due to the preconceived notion that building …

Revolutionizing software developmental processes by utilizing continuous software approaches

HU Khan, W Afsar, S Nazir, A Noor, M Kundi… - The Journal of …, 2024 - Springer
The development of smart and innovative software applications in various disciplines has
inspired our lives by providing various cutting-edge technologies spanning from online to …