Abstract

Context:In today’s software development landscape, the DevSecOps approach has gained traction due to its focus on the software development process and bolstering security measures in projects, a task in light of the ever-evolving cybersecurity threats. Objective:This study aims to address the lack of metrics for quantitatively assessing its efficacy from both security and business logic perspectives. Methods:To tackle this issue, the research introduces the Framework of Business Index Concerning Security (FOBICS), a set of metrics designed to enable transparent evaluations of project security. FOBICS considers various perspectives relevant to DevSecOps practices. It includes factors such as project duration and financial outcomes, making it appealing for implementation in business settings. Results:The effectiveness of FOBICS is validated theoretically and empirically via its application in two real-world projects: the results from these implementations show a correlation between FOBICS metrics and the security strategies employed as the development methodologies adopted by diverse teams throughout the projects. Conclusion:Hence, FOBICS emerges as a tool for assessing and continuously monitoring project security, offering insights into areas of strength and areas that may require enhancement. FOBICS is shown to be effective in assessing the level of DevSecOps implementation. The ease of calculating FOBICS metrics makes them easily interpretable and continuously verifiable. Moreover, FOBICS summarizes most of the other quantitative and qualitative metrics in the literature.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.