On DevSecOps and Risk Management in Critical Infrastructures: Practitioners' Insights on Needs and Goals
Xhesika Ramaj1, Mary Sanchez-Gordon1, Vasileios Gkioulos2, Ricardo Colomo-Palacios3. 1: Østfold University College, Norway; 2: Norwegian University of Science and Technology, Norway; 3: Universidad Politécnica de Madrid, Spain.
Abstract:
Risk management is essential for ensuring the sustained viability of organizations over the long term. It plays a pivotal role in business by helping to identify potential threats and vulnerabilities, thereby enabling well-informed decision-making. Within the context of critical infrastructures, it takes on even greater significance. DevSecOps is an innovative approach to bolstering the security of software applications. This approach is being heralded as a transformative solution that encourages the adoption of robust security practices, reduces risk, and ensures uninterrupted business continuity. This study takes a qualitative approach to unveil the needs and goals of implementing DevSecOps in critical infrastructures from the perspective of DevOps, developers, and security experts. Findings show that the relevance of DevSecOps in critical infrastructures emerges from the need for proactive work, increased efficiency, automation, monitoring mechanisms, security, and outstanding products and services. Findings also identify the goals of establishing a stronger market presence, increasing revenues, and maintaining a leading position in the market. The study contributes to the existing DevSecOps literature by providing insights on DevSecOps in risk management in critical infrastructures. This can potentially encourage the adoption of DevSecOps and guide practitioners interested in leveraging the inherent benefits of this approach in the context of critical infrastructures.
Mon 15 Apr (displayed time zone: Lisbon)
14:00 - 15:30 | Training, knowledge and Industrial challenges | EnCyCriS/SVM at Amadeo de Souza-Cardoso | Chair(s): John Eidar Simensen, IFE
14:00 | 20m | Full-paper | Building a Cybersecurity Knowledge Graph with CyberGraph | EnCyCriS/SVM | A: Paolo Falcarin, Ca' Foscari University of Venice; A: Fabio Dainese, Ca' Foscari University of Venice
14:20 | 20m | Full-paper | Training Developers to Code Securely: Theory and Practice | EnCyCriS/SVM | A: Ita Ryan, University College Cork; A: Utz Roedig, University College Cork; A: Klaas-Jan Stol, Lero; University College Cork; SINTEF Digital
14:40 | 20m | Full-paper | On DevSecOps and Risk Management in Critical Infrastructures: Practitioners' Insights on Needs and Goals | EnCyCriS/SVM | A: Xhesika Ramaj, Østfold University College (HiØ) / Norwegian University of Science and Technology (NTNU); A: Mary Sánchez-Gordón, Østfold University College; A: Vasileios Gkioulos, NTNU; A: Ricardo Colomo-Palacios, Universidad Politécnica de Madrid
15:00 | 20m | Full-paper | Cyber-incident Response in Industrial Control Systems: Practices and Challenges in the Petroleum Industry | EnCyCriS/SVM | A: Vahiny Gnanasekaran, Norwegian University of Science and Technology NTNU; A: Maria Bartnes, Norwegian University of Science and Technology NTNU; A: Tor Olav Grøtan, SINTEF Digital; Poul Einar Heegaard, Norwegian University of Science and Technology NTNU