Enhancing DevSecOps practice with Large Language Models and Security Chaos Engineering


Martin Bedoya, Sara Palacios, Daniel Díaz-López, Estefania Laverde, Pantaleone Nespoli

DOI: 10.1007/s10207-024-00909-w

Journal: International Journal of Information Security

Abstract

Recently, the DevSecOps practice has improved companies’ agile production of secure software, reducing problems and improving return on investment. However, overreliance on security tools and traditional security techniques can facilitate the implementation of vulnerabilities in different stages of the software lifecycle. Thus, this paper proposes the integration of a Large Language Model to help automate threat discovery at the design stage and Security Chaos Engineering to support the identification of security flaws that may be undetected by security tools. A specific use case is described to demonstrate how our proposal can be applied to a retail company that has the business need to produce rapidly secure software.


Journal information

ISSN: 1615-5262

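International ranking

Category zone
COMPUTER SCIENCE, THEORY & METHODS: 2

Domestic ranking

Category zone
Computer Science: 4
Computer Science, Information Systems: 4
Computer Science, Software Engineering: 4
Computer Science, Theory & Methods: 4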