Blog Posts
Combining Security and Velocity in a Continuous-Integration Pipeline for Large Teams
This post explores how one team managed—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps practices.
• By Alejandro Gomez
In DevSecOps
Modeling DevSecOps to Protect the Pipeline
This blog post presents a DevSecOps Platform-Independent Model that uses model based system engineering constructs to formalize the practices of DevSecOps pipelines and organize guidance.
• By Timothy Chick, Joe Yankel
In DevSecOps
From Model-Based Systems and Software Engineering to ModDevOps
Introduction to ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) technology
• By Jerome Hugues, Joe Yankel
In DevSecOps
The Role of DevSecOps in Continuous Authority to Operate
DevSecOps favors rapid development and deployment. Such rapid development and deployment must be balanced against the need to ensure software systems are secure with minimal risk, thus enabling them to …
• By Thomas Scanlon
In DevSecOps
Taking DevSecOps to the Next Level with Value Stream Mapping
This post explores the relationship between DevSecOps and value stream mapping, both of which are rooted in the Lean approach to systems and workflow. It also provides guidance on preparing …
• By Nanette Brown
In DevSecOps
Aligning DevSecOps and Machine Learning
Luiz Antunes explores the machine learning (ML) and DevSecOps domains and proposes ways to use them in collaboration for increased performance.
• By Luiz Antunes
In DevSecOps
The Current State of DevSecOps Metrics
DevSecOps practices yield useful, valuable information about software performance that is likely to lead to innovations in software engineering metrics.
• By Bill Nichols
In DevSecOps
Comparing DevSecOps and Systems Engineering Principles
Software developers and sustainers are seeing significant improvement by adopting Lean, Agile and DevSecOps iteration-based approaches. Now similar approaches are being proposed for more complex projects, including embedded software systems …
• By Richard Turner
In DevSecOps
A Framework for DevSecOps Evolution and Achieving Continuous-Integration/Continuous-Delivery (CI/CD) Capabilities
Implementing a development environment with continuous-integration and continuous-delivery (CI/CD) pipeline capabilities and DevSecOps practices can be challenging. Here's how to avoid incomplete adoption or ineffective implementation.
• By Lyndsi Hughes, Vanessa Jackson
In DevSecOps
What Is Digital Engineering and How Is It Related to DevSecOps?
The Department of Defense's desire for faster delivery of new capabilities is transforming defense acquisitions. The emerging processes of digital thread and digital engineering aim to address the difficulties of …
• By David Shepard, Julia Scherb
In DevSecOps
