Journal of Information Security Reserach ›› 2023, Vol. 9 ›› Issue (12): 1210-.
Previous Articles Next Articles
Zhu Dian1, Yang Yang1, Yu Da2, and Song Liujie2
Online:
Published:
朱典1杨阳1余达2宋刘结2
通讯作者:
作者简介:
Abstract: As an important carrier of data, government business systems are often the most important targets of attack, and government security construction pays more attention to compliance requirements, ensuring business operation through security products and services, while application endogenous security is ignored. In order to adapt to the high security requirements of the current digital government and meet the current scenario of intensive digital government construction, it is necessary to shift security to the left and focus on supply chain and application endogenous security. The government’s information project construction model needs to prioritize development work, and security needs to be closely integrated with the research and development process. DevSecOps, as an emerging security development model, has entered the field of digital government application development. The application development security system enabled by DevSecOps can improve the development process, reduce security repair costs, shorten development cycles, and greatly enhance the level of digital government security.
Key words: digital government, Digital Security, Shift Security To The Left, DevSecOps, S-SDLC
摘要: 政务业务系统作为数据的重要载体,往往是最重要的攻击对象,而政府的安全建设更加关注合规要求,通过安全产品和安全服务保障业务运行,应用内生安全被忽视.为适应当前数字政府的高安全要求,符合当前数字政府集约化建设的场景,需要将安全左移,关注供应链和应用内生安全,政府的信息化项目建设模式需要将开发工作前置,安全需要与研发过程紧密结合.DevSecOps作为新兴起的安全开发模式开始涉足数字政府应用开发领域.基于DevSecOps赋能的应用开发安全体系可以改进开发流程,降低安全修复成本,缩短开发周期,大大提升数字政府应用安全水平.
关键词: 数字政府, 数字安全, 安全左移, 开发安全运营, 安全软件开发全生命周期
CLC Number:
TP311.5
TP309.2
朱典, 杨阳, 余达, 宋刘结, . DevSecOps在数字政府建设中的实践研究[J]. 信息安全研究, 2023, 9(12): 1210-.
0 / / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://www.sicris.cn/EN/
http://www.sicris.cn/EN/Y2023/V9/I12/1210