Enhancing DevSecOps practice with Large Language Models and Security Chaos Engineering

Martin Bedoya; Sara Palacios; Daniel Díaz-López; Estefania Laverde; Pantaleone Nespoli

doi:10.1007/s10207-024-00909-w

Enhancing DevSecOps practice with Large Language Models and Security Chaos Engineering

Martin Bedoya
, Sara Palacios
, Daniel Díaz-López
, Estefania Laverde
, Pantaleone Nespoli

Producción científica: Contribución a revista › Artículo de Investigación › revisión exhaustiva

15 Citas (Scopus)

Resumen

Recently, the DevSecOps practice has improved companies’ agile production of secure software, reducing problems and improving return on investment. However, overreliance on security tools and traditional security techniques can facilitate the implementation of vulnerabilities in different stages of the software lifecycle. Thus, this paper proposes the integration of a Large Language Model to help automate threat discovery at the design stage and Security Chaos Engineering to support the identification of security flaws that may be undetected by security tools. A specific use case is described to demonstrate how our proposal can be applied to a retail company that has the business need to produce rapidly secure software.

Idioma original	Inglés estadounidense
Publicación	International Journal of Information Security
DOI	https://doi.org/10.1007/s10207-024-00909-w
Estado	En prensa - 2024

Áreas temáticas de ASJC Scopus

Software
Sistemas de información
Seguridad, riesgos, fiabilidad y calidad
Redes de ordenadores y comunicaciones

Acceder al documento

10.1007/s10207-024-00909-w

Otros archivos y enlaces

Citar esto

@article{8d4c04a2ee224b498be0762eb30b1766,

title = "Enhancing DevSecOps practice with Large Language Models and Security Chaos Engineering",

abstract = "Recently, the DevSecOps practice has improved companies{\textquoteright} agile production of secure software, reducing problems and improving return on investment. However, overreliance on security tools and traditional security techniques can facilitate the implementation of vulnerabilities in different stages of the software lifecycle. Thus, this paper proposes the integration of a Large Language Model to help automate threat discovery at the design stage and Security Chaos Engineering to support the identification of security flaws that may be undetected by security tools. A specific use case is described to demonstrate how our proposal can be applied to a retail company that has the business need to produce rapidly secure software.",

author = "Martin Bedoya and Sara Palacios and Daniel D{\'i}az-L{\'o}pez and Estefania Laverde and Pantaleone Nespoli",

note = "Publisher Copyright: {\textcopyright} The Author(s) 2024.",

year = "2024",

doi = "10.1007/s10207-024-00909-w",

language = "English (US)",

journal = "International Journal of Information Security",

issn = "1615-5262",

publisher = "Springer",

}

TY - JOUR

T1 - Enhancing DevSecOps practice with Large Language Models and Security Chaos Engineering

AU - Bedoya, Martin

AU - Palacios, Sara

AU - Díaz-López, Daniel

AU - Laverde, Estefania

AU - Nespoli, Pantaleone

PY - 2024

Y1 - 2024

N2 - Recently, the DevSecOps practice has improved companies’ agile production of secure software, reducing problems and improving return on investment. However, overreliance on security tools and traditional security techniques can facilitate the implementation of vulnerabilities in different stages of the software lifecycle. Thus, this paper proposes the integration of a Large Language Model to help automate threat discovery at the design stage and Security Chaos Engineering to support the identification of security flaws that may be undetected by security tools. A specific use case is described to demonstrate how our proposal can be applied to a retail company that has the business need to produce rapidly secure software.

AB - Recently, the DevSecOps practice has improved companies’ agile production of secure software, reducing problems and improving return on investment. However, overreliance on security tools and traditional security techniques can facilitate the implementation of vulnerabilities in different stages of the software lifecycle. Thus, this paper proposes the integration of a Large Language Model to help automate threat discovery at the design stage and Security Chaos Engineering to support the identification of security flaws that may be undetected by security tools. A specific use case is described to demonstrate how our proposal can be applied to a retail company that has the business need to produce rapidly secure software.

UR - https://www.scopus.com/pages/publications/85205722317

UR - https://www.scopus.com/pages/publications/85205722317#tab=citedBy

U2 - 10.1007/s10207-024-00909-w

DO - 10.1007/s10207-024-00909-w

M3 - Research Article

AN - SCOPUS:85205722317

SN - 1615-5262

JO - International Journal of Information Security

JF - International Journal of Information Security

ER -

Enhancing DevSecOps practice with Large Language Models and Security Chaos Engineering

Resumen

Áreas temáticas de ASJC Scopus

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto