戴启铭  等:DevSecOps:DevOps 下实现持续安全的实践探索                                            3033


                [22]    Prates L, Faustino J, Silva M, Pereira R. DevSecOps metrics. In: Proc. of the Euro Symp. on Systems Analysis and Design. Cham:
                     Springer-Verlag, 2019. 7790.
                [23]    Che X. New ideas  of  network  security from devops  to DevSecOps. Communications  World,  2019(25):4548  (in Chinese with
                     English abstract).
                [24]    Liu CJ. Some thoughts on enterprise security of DevSecOps. Computer & Network, 2017,43(19):5455 (in Chinese with English
                     abstract).
                [25]    Auger P. Information Sources in Grey Literature. 4th ed., Bowker Saur, 2017.
                [26]    Salleh  N, Mendes  E,  Grundy J.  Empirical studies of  pair programming for  CS/SE teaching in higher  education: A systematic
                     literature review. IEEE Trans. on Software Engineering, 2010,37(4):509525.
                [27]    MacDonald N. Reimagining security and IT resilience for a cloud-native DevSecOps world. Technical Report, G00350812, Gartner,
                     2018.
                [28]    Garousi V, Felderer M, Mäntylä Mika V. Guidelines for including grey literature and conducting multivocal literature reviews in
                     software engineering. Information and Software Technology, 2019,106:101121.
                [29]    Tomas N, Li J, Huang, H. An empirical study on culture, automation, measurement, and sharing of DevSecOps. In: Proc. of the
                     2019 Int’l Conf. on Cyber Security and Protection of Digital Services (Cyber Security). IEEE, 2019. 18.
                [30]    Erich F.  DevOps  is simply interaction between development  and operations. In: Proc. of the Int’l  Workshop on Software
                     Engineering Aspects of Continuous Development and New Paradigms of Software Production and Deployment. Cham: Springer-
                     Verlag, 2018. 8999.
                [31]    de França B, Jeronimo H, Travassos GH. Characterizing DevOps by hearing multiple voices. In: Proc. of the 30th Brazilian Symp.
                     on Software Engineering. ACM, 2016. 5362.
                [32]    Willis J. What devops means to me. 2010. https://www.chef.io/blog/2010/07/16/what-devops-means-to-me/
                [33]    Leite L, Rocha C, Kon  F, Milojicic D, Meirelles  P. A  survey  of DevOps concepts and challenges. ACM Computing  Surveys
                     (CSUR), 2019,52(6):135.
                [34]    Fitzgerald  B, Stol KJ. Continuous software  engineering: A roadmap  and  agenda. Journal of Systems  and Software, 2017,123:
                     176189.
                [35]    Humble J, Molesky J. Why enterprises must adopt DevOps to enable continuous delivery. Cutter IT Journal, 2011,24(8):612.
                [36]    Leau Y, Loo W, Tham W, Tan S. Software development life cycle AGILE vs traditional approaches. Int’l Conf. on Information and
                     Network Technology, 2012,37(1):162167.
                [37]    Huang H, Zhang H, Shao D. Practical impacts of automation tools in support of DevOps in China. Ruan Jian Xue Bao/Journal of
                     Software, 2019,30(10):30563070 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/5788.htm [doi: 10.13328/j.
                     cnki.jos.005788]
                [38]    Jin ZF, Zhang YW, YE WH, Zhang H, Shao D. Research on application of DevOps in documentation towards full value delivery.
                     Ruan Jian Xue Bao/Journal of Software, 2019,30(10):31273147 (in Chinese with English abstract). http://www.jos.org.cn/1000-
                     9825/5792.htm [doi: 10.13328/j.cnki.jos.005792]
                [39]    Bird J. DevOpsSec: Securing Software through Continuous Delivery. Sebastopol: O’Reilly Media, 2016.
                [40]    Erich F, Amrit C, Daneva M. A qualitative study of DevOps usage in practice. Journal of Software: Evolution and Process, 2017,
                     29(6):e1885.
                [41]    Mohan V, Othmane L. SecDevOps: Is it a marketing buzzword? Mapping research on security in DevOps. In: Proc. of the 11th Int’l
                     Conf. on Availability, Reliability and Security (ARES). IEEE, 2016. 542547.
                [42]    McCarthy M, Herger L, Khan S, Belgodere B. Composable DevOps: Automated ontology based DevOps maturity analysis. In: Proc.
                     of the 2015 IEEE Int’l Conf. on Services Computing. New York: IEEE, 2015. 600607.
                [43]    Vadapalli  S. DevOps: Continuous Delivery,  Integration, and  Deployment with DevOps: Dive  Into the  Core DevOps  Strategies.
                     Packt Publishing Ltd., 2018.
                [44]    Yasar H, Kontostathis K. Where to integrate security practices on DevOps platform. Int’l Journal of Secure Software Engineering
                     (IJSSE), 2016,7(4):3950.
                [45]    Mead NR, Stehney T. Security quality requirements engineering (SQUARE) methodology. ACM SIGSOFT Software Engineering
                     Notes, 2005,30(4):17.
                [46]    Shostack A. Threat Modeling: Designing for Security. John Wiley & Sons, 2014.
                [47]    Maruping M, Zhang X, Venkatesh V. Role  of collective  ownership and coding standards in coordinating expertise  in  software
                     project teams. European Journal of Information Systems, 2019,18(4):355371.