戴启铭  等:DevSecOps:DevOps 下实现持续安全的实践探索                                            3035


                [81]    Henry J. Why isn’t secure DevOps being practiced? 2018. https://securityintelligence.com/why-isnt-secure-devops-being-practiced/
                [82]    Robinson M. DevSecOps: A complete guide to what, why, and how. 2019. https://www.plutora.com/blog/devsecops-guide
                [83]    Drinkwater D. What is DevSecOps? Developing more secure applications. 2018. https://www.csoonline.com/article/3245748/what-
                     is-devsecops-developing-more-secure-applications.html
                [84]    Scalyr. DevOps security challenges and how to deal with them.2019. https://www.scalyr.com/blog/devopssec-challenges/
                [85]    Woods  J. Cloud, automation and  the future  of DevSecOps.  2019.  https://www.symantec.com/blogs/feature-stories/cloud-
                     automation-and-future-devsecops
                [86]    Sharma S. The DevOps Adoption Playbook: A Guide to Adopting DevOps in a Multi-speed IT Enterprise. John Wiley & Sons,
                     2017.
                [87]    Hasselbring W, Henning  S,  Latte B,  et  al. Industrial  DevOps. In: Proc. of the 2019  IEEE Int’l  Conf. on Software  Architecture
                     Companion (ICSA-C). IEEE, 2019. 123126.
                [88]    Johnson B, Song Y, Murphy-Hill E, et al. Why don’t software developers use static analysis tools to find bugs? In: Proc. of the
                     35th Int’l Conf. on Software Engineering (ICSE). IEEE, 2013. 672681.
                [89]    Bass L, Holz R, Rimba  P,  et  al. Securing  a deployment pipeline. In: Proc. of the 3rd IEEE/ACM Int’l Workshop on  Release
                     Engineering. IEEE, 2015. 47.
                [90]    Khan R, McLaughlin K, Laverty D, et al. STRIDE-based threat modeling for cyber-physical systems. In: Proc. of the 2017 IEEE
                     PES Innovative Smart Grid Technologies Conf. Europe (ISGT-Europe). IEEE, 2017. 16.
                [91]    Rivera-Ibarra JG, Rodríguez-Jacobo J, Serrano-Vargas MA. Competency framework for software engineers. In: Proc. of the 23rd
                     IEEE Conf. on Software Engineering Education and Training. IEEE, 2010. 3340.
                 附中文参考文献:
                 [11]  刘博涵,张贺,董黎明.DevOps 中国调查研究.软件学报,2019,30(10):32063226. http://www.jos.org.cn/1000-9825/5796.htm  [doi:
                     10.13328/j.cnki.jos.005796]
                 [23]  车昕.网络安全新思路:从 DevOps 到 DevSecOps.通信世界,2019(25):4548.
                 [24]  刘长建.DevSecOps 的一些关于企业安全的思考.计算机与网络,2017,43(19):5455.
                 [37]  黄璜,张贺,邵栋.自动化工具对中国 DevOps 实践的影响.软件学报,2019,30(10):30563070. http://www.jos.org.cn/1000-9825/
                     5788.htm [doi: 10.13328/j.cnki.jos.005788]
                 [38]  金泽锋,张佑文,叶文华,张贺,邵栋.面向完整价值交付的文档 DevOps 应用研究.软件学报,2019,30(10):31273147. http://www.
                     jos.org.cn/1000-9825/5792.htm [doi: 10.13328/j.cnki.jos.005792]



                              戴启铭(1996－),男,学士,CCF 学生会员,                    荣国平(1977－),男,博士,副研究员,CCF
                              主要研究领域为 软件过程改进,DevSec                        专业会员,主要研究领域为软件过程实证
                              Ops,软件安全.                                    软件工程.



                              毛润丰(1996－),男,学士,CCF 学生会员,                    沈海峰(1971－),男,博士,教授,博士生导
                              主要研究领域为 软件过程改进,DevSec                        师,主要研究领域为 Software Engineering,
                              Ops.                                         Human Computer  Interaction, Human-
                                                                           Centered Artificial Intelligence, Simulation
                                                                           and Visualization.

                              黄璜(1996－),男,学士,CCF 学生会员,主                    邵栋(1976－),男,副教授,CCF 专业会员,
                              要研究 领域 为软 件工程 中的 人与 社 会                      主要研究领域为软件过程,高科技市场理
                              方面.                                          论,敏捷软件开发,软件工程教育.