The role of standardization in DevSecOp practices in improving the security posture of software development in Sri Lanka


dc.contributor.author Dharmarathne, D.N.S.
dc.contributor.author Shakya, R.D.N.
dc.contributor.author Kulatunge, R.
dc.contributor.author Abeysekara, J.
dc.date.accessioned 2024-04-17T04:41:46Z
dc.date.available 2024-04-17T04:41:46Z
dc.date.issued 2023-11-24
dc.identifier.issn 3021-6834
dc.identifier.uri http://ir.lib.ruh.ac.lk/handle/iruor/16848
dc.description.abstract The development, security, and operations (DevSecOps) paradigm, which involves incorporating security practices into the software development process, is becoming increasingly popular as an effective way to achieve secure and efficient software development. This research explores the crucial role of standardization in DevSecOps practices and its impact on enhancing the security posture of software development in Sri Lanka while attempting to identify the current industry standards for DevSecOps. Secondly, it intends to choose a suitable standard to assess the security level of software development companies in Sri Lanka and then to analyze the DevSecOps components that are most effective for measuring security levels. Additionally, a Standardization Maturity Model (SMM) is designed and developed to measure security levels based on the selected standard. Finally, the research measures security levels in Sri Lankan software development companies by utilizing the DevSecOps standards at the Department of Defense. The study employs a mixed-methods approach to understand the current state of DevSecOps practices and standardization efforts in the Sri Lankan software development industry. The research methodology involves surveys and interviews with DevOps stakeholders: practitioners, engineers, tech leads, and security professionals. The collected data were analyzed to assess the existing practices, identify security challenges, and evaluate the level of adoption of standardized DevSecOps practices in Sri Lanka. The study contributes to the existing body of knowledge by highlighting the significance of standardization in DevSecOps practices in Sri Lanka. The findings will shed light on the security landscape in software development, identify potential areas for improvement, and propose recommendations for adopting standardized DevSecOps practices. en_US
dc.language.iso en en_US
dc.publisher Faculty of Technology, University of Ruhuna, Sri Lanka en_US
dc.subject DevSecOps en_US
dc.subject Standardization en_US
dc.subject Security posture en_US
dc.title The role of standardization in DevSecOp practices in improving the security posture of software development in Sri Lanka en_US
dc.type Article en_US

