Back to Search Start Over

Enhancing DevSecOps practice with Large Language Models and Security Chaos Engineering.

Authors :
Bedoya, Martin
Palacios, Sara
Díaz-López, Daniel
Laverde, Estefania
Nespoli, Pantaleone
Source :
International Journal of Information Security. Dec2024, Vol. 23 Issue 6, p3765-3788. 24p.
Publication Year :
2024

Abstract

Recently, the DevSecOps practice has improved companies' agile production of secure software, reducing problems and improving return on investment. However, overreliance on security tools and traditional security techniques can facilitate the implementation of vulnerabilities in different stages of the software lifecycle.. Thus, this paper proposes the integration of a Large Language Model to help automate threat discovery at the design stage and Security Chaos Engineering to support the identification of security flaws that may be undetected by security tools. A specific use case is described to demonstrate how our proposal can be applied to a retail company that has the business need to produce rapidly secure software. [ABSTRACT FROM AUTHOR]

Subjects

Subjects :
*LANGUAGE models
*COMPUTER software security
*RATE of return
*CLOUD computing
*FOREIGN language education

Details

Language :
English
ISSN :
16155262
Volume :
23
Issue :
6
Database :
Academic Search Index
Journal :
International Journal of Information Security
Publication Type :
Academic Journal
Accession number :
180236510
Full Text :
https://doi.org/10.1007/s10207-024-00909-w
Full Text Access
View/download PDF

Tools

Authors Abstract Subjects Details