TY - JOUR
T1 - Enhancing DevSecOps practice with Large Language Models and Security Chaos Engineering
AU - Bedoya, Martin
AU - Palacios, Sara
AU - Díaz-López, Daniel
AU - Laverde, Estefania
AU - Nespoli, Pantaleone
N1 - Publisher Copyright:
© The Author(s) 2024.
PY - 2024
Y1 - 2024
N2 - Recently, the DevSecOps practice has improved companies’ agile production of secure software, reducing problems and improving return on investment. However, overreliance on security tools and traditional security techniques can allow vulnerabilities to be introduced at different stages of the software lifecycle. Thus, this paper proposes the integration of a Large Language Model to help automate threat discovery at the design stage and Security Chaos Engineering to support the identification of security flaws that may go undetected by security tools. A specific use case is described to demonstrate how our proposal can be applied to a retail company that has the business need to rapidly produce secure software.
AB - Recently, the DevSecOps practice has improved companies’ agile production of secure software, reducing problems and improving return on investment. However, overreliance on security tools and traditional security techniques can allow vulnerabilities to be introduced at different stages of the software lifecycle. Thus, this paper proposes the integration of a Large Language Model to help automate threat discovery at the design stage and Security Chaos Engineering to support the identification of security flaws that may go undetected by security tools. A specific use case is described to demonstrate how our proposal can be applied to a retail company that has the business need to rapidly produce secure software.
UR - http://www.scopus.com/inward/record.url?scp=85205722317&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85205722317&partnerID=8YFLogxK
U2 - 10.1007/s10207-024-00909-w
DO - 10.1007/s10207-024-00909-w
M3 - Research Article
AN - SCOPUS:85205722317
SN - 1615-5262
JO - International Journal of Information Security
JF - International Journal of Information Security
ER -