CS 305 Reflection (docx)

School: Southern New Hampshire University
Course: CS 305
Subject: Computer Science
Date: Dec 6, 2023
Type: docx
Pages: 3
Laura Pittman
Professor Shaykhian
CS 305
November 14, 2023

Journal Reflection

As a developer, one of the main responsibilities is the design and implementation of software, so the role a developer plays in solving security concerns is vital. When creating software, it is imperative to ensure it is not only functional but also structurally secure, and that security is one of the main priorities in development so that it is considered with every addition and change made. However, developers are still human; mistakes happen, or are overlooked by other developers, which can cause security concerns to arise during or after the software is tested, in which case it falls on the developers to resolve them. Solving security concerns as a developer involves static analysis of the code and its dependencies to locate known vulnerabilities, security testing of the running software, and applying security risk management techniques to the current software, all of which help ensure the software is as secure as possible at every level.

Within the software stack and the development life cycle, security falls into every stage: it should be continuously considered and monitored at every step so that it is deeply ingrained in both the software itself and the team developing and maintaining it. Although security belongs in all stages of both the software stack and the development life cycle, there are stages where it is more important to consider than others, such as the plan, develop, and build stages, since these form the foundation of the concept of the software and of the software itself. It is therefore imperative that security be at the forefront of every concept and development decision.
To transform a DevOps pipeline into a DevSecOps pipeline, continuous security must be implemented. It starts with secure coding, in which developers ensure that the products being delivered comply with security best practices and follow the established threat models; then security testing, where the software is put through various testing cycles to ensure it meets the desired level of quality; followed by security monitoring, where known attacks and vulnerabilities are logged and sent to the security team to respond to; and finally security risk management, a continuous process in which security risks are analyzed and addressed through the application of security controls and threat modeling. In "DevSecOps: A Systemic Approach for Secure Software Development" (2019), Jeganathan suggests creating and following a plan to secure the entire DevOps life cycle: start with a high-level rapid risk assessment (RRA) so that risks can be quantified by evaluating threat models; plan and secure the life cycle tooling by applying 2FA/MFA and role- or attribute-based access control models; ensure keys and accounts are properly protected; and enforce segregation of duties. Overall, it is recommended that this plan be followed, as it keeps security at the forefront of planning and development and allows security to be continuously evaluated to ensure the software complies with best-practice standards.
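The static dependency scanning mentioned in the first section and the security testing and risk management stages described above, as an added example that is not part of the original reflection or of Jeganathan's paper: a small Python gate a pipeline would run after the build. It parses a pinned lockfile, matches each dependency against an advisory feed by version range, and applies a risk policy that blocks the build only on findings at or above a CVSS threshold. The lockfile, package names, advisory identifiers (EX-2023-000x) and CVSS scores are all constructed for illustration; a real pipeline would read an SBOM or pip freeze output and a feed such as OSV or the GitHub Advisory Database, and would compare versions with packaging.version rather than the numeric-only helper here.

```python
"""Dependency vulnerability gate: the security testing and risk management
stages of a DevSecOps pipeline reduced to one runnable script.
Added example; every input below is constructed, not a real package or CVE."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # hypothetical identifier, not a real CVE/GHSA
    package: str
    introduced: str    # first affected version, inclusive
    fixed: str         # first fixed version, exclusive; "" = no fix published
    cvss: float        # base score consumed by the risk policy in gate()


def parse_version(v: str) -> tuple:
    """Numeric dotted versions only (assumption); a real pipeline should use
    packaging.version, which understands pre-releases and epochs."""
    return tuple(int(part) for part in v.strip().split("."))


def parse_lockfile(text: str) -> dict:
    """Parse pinned 'name==version' lines (pip freeze style) into a dict.
    Unpinned lines are rejected: the gate cannot reason about a floating version."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, version = line.partition("==")
        if not sep or not version.strip():
            raise ValueError(f"unpinned dependency, refusing to scan: {line!r}")
        deps[name.strip().lower()] = version.strip()
    return deps


def is_affected(version: str, adv: Advisory) -> bool:
    """True when introduced <= version < fixed (or no fix exists yet)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed and v >= parse_version(adv.fixed):
        return False
    return True


def scan(deps: dict, advisories: list) -> list:
    """Return (package, pinned_version, advisory) for every matching advisory."""
    findings = []
    for adv in advisories:
        pinned = deps.get(adv.package.lower())
        if pinned is not None and is_affected(pinned, adv):
            findings.append((adv.package, pinned, adv))
    return findings


def gate(findings: list, fail_at: float = 7.0) -> tuple:
    """Risk-management policy: block the build on any finding at or above the
    CVSS threshold; lower-scored findings are reported but do not block."""
    blocking = [f for f in findings if f[2].cvss >= fail_at]
    return (len(blocking) == 0, blocking)


# Constructed lockfile and advisory feed (fictional packages and identifiers).
LOCKFILE = """\
# pinned by the build, as real pip freeze output would be
examplehttp==2.1.0
demoyaml==5.3.1
samplecrypto==3.4.8
"""

ADVISORIES = [
    Advisory("EX-2023-0001", "demoyaml", "0", "5.4", 9.8),         # 5.3.1 is affected
    Advisory("EX-2023-0002", "examplehttp", "2.0", "2.1.0", 7.5),  # fixed in 2.1.0, not affected
    Advisory("EX-2023-0003", "samplecrypto", "3.0", "", 4.3),      # no fix yet, medium severity
]


def run_gate(lockfile: str = LOCKFILE, advisories: list = ADVISORIES,
             fail_at: float = 7.0) -> tuple:
    """Full stage: parse, scan, apply policy. Returns (passed, findings, blocking)."""
    findings = scan(parse_lockfile(lockfile), advisories)
    passed, blocking = gate(findings, fail_at)
    return passed, findings, blocking


if __name__ == "__main__":
    passed, findings, blocking = run_gate()
    for pkg, ver, adv in findings:
        print(f"{adv.advisory_id}: {pkg}=={ver} CVSS {adv.cvss}")
    print("build allowed" if passed else f"build BLOCKED by {len(blocking)} finding(s)")
    raise SystemExit(0 if passed else 1)
```

On the constructed input the script reports two findings (demoyaml and samplecrypto) and blocks the build because of the 9.8-scored advisory; the medium-severity finding with no available fix is surfaced for the risk register rather than failing the pipeline, which is the trade-off a risk management policy has to make explicit. Refusing unpinned dependencies is deliberate: a floating version cannot be matched against an advisory range, so the gate would otherwise pass silently.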
References

Jeganathan, S. (2019). DevSecOps: A systemic approach for secure software development. ISSA Journal, 17(11), 20–27.