Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE

Saima Rafi; Wu Yu; Muhammad Azeem Akbar; Ahmed Alsanad; Abdu Gumaei

doi:10.1109/ACCESS.2020.2998819

IEEE Access (Jan 2020)

Prioritization Based Taxonomy of DevOps Security Challenges Using PROMETHEE

Saima Rafi,
Wu Yu,
Muhammad Azeem Akbar,
Ahmed Alsanad,
Abdu Gumaei

Affiliations

Saima Rafi: ORCiD; School of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing, China
Wu Yu: School of Cyber Security and Information Law, Chongqing University of Posts and Telecommunications, Chongqing, China
Muhammad Azeem Akbar: ORCiD; College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China
Ahmed Alsanad: Department of Information Systems, College of Computer and Information Sciences, STC’s Artificial Intelligence Chair, King Saud University, Riyadh, Saudi Arabia
Abdu Gumaei: ORCiD; Department of Information Systems, College of Computer and Information Sciences, STC’s Artificial Intelligence Chair, King Saud University, Riyadh, Saudi Arabia

DOI: https://doi.org/10.1109/ACCESS.2020.2998819
Journal volume & issue: Vol. 8
pp. 105426 – 105446

Abstract

Read online

DevOps is a combination of collaborative and multidisciplinary efforts of an organization to control continuous delivery and updates of new software while guaranteeing their reliability and correctness. In the software industry, the implementation of DevOps (development and operations units) faces many challenges that are specifically associated with the security. The objective of this study is to identify and develop a prioritization based taxonomy of DevOps security challenges. The total of eighteen DevOps security challenges were extracted using systematic literature review approach and were further evaluated with experts using questionnaire survey study. Finally, the multi criteria decision making PROMETHEE-II approach was used to prioritize and develop the taxonomy of identified factors and their categories. The implications of PROMETHEE-II approach are novel in this research domain as it has been used successfully in various other domains e.g. medical, banking, internet techniques and management etc. The contribution of this study is not limited to develop the taxonomy based structure of DevOps security challenges, but also the proper prioritization of these challenges by introducing PROMETHEE-II approach in the research field of DevOps. The study results will assist the practitioners to remove the uncertainty and vagueness in the opinion of DevOps experts to secure DevOps implementation for better and continuous software development process.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords