Abstract:
The development, security, and operations (DevSecOps) paradigm, which involves
incorporating security practices into the software development process, is becoming
increasingly popular as an effective way to achieve secure and efficient software
development. This research explores the crucial role of standardization in DevSecOps
practices and its impact on the security posture of software development in
Sri Lanka. It first attempts to identify the current industry standards for
DevSecOps, then selects a suitable standard to assess the security level of
software development companies in Sri Lanka, and finally analyzes the DevSecOps
components that are most effective for measuring security levels.
Additionally, a Standardization Maturity Model (SMM) is designed and developed
to measure security levels based on the selected standard. The research then
measures security levels in Sri Lankan software development companies using
the DevSecOps standards of the Department of Defense. The study employs a mixed-methods
approach to understand the current state of DevSecOps practices and
standardization efforts in the Sri Lankan software development industry. The
research methodology involves surveys and interviews with DevOps stakeholders:
practitioners, engineers, tech leads, and security professionals. The collected data
were analyzed to assess the existing practices, identify security challenges, and
evaluate the level of adoption of standardized DevSecOps practices in Sri Lanka. The
study contributes to the existing body of knowledge by highlighting the significance
of standardization in DevSecOps practices in Sri Lanka. The findings will shed light
on the security landscape in software development, identify potential areas for
improvement, and propose recommendations for adopting standardized DevSecOps
practices.