A. V.Blinov, S. V.Bezzateev Comprehensive Integration of Security Practices into the Software Development Lifecycle
Abstract. 

The article analyzes modern approaches to software security, such as "shift left", "zero trust" and "security gates". The authors systematize protection methods and tools, compare their effectiveness and propose ways to apply them together at different stages of the software life cycle. The study draws on an analysis of current scientific publications and information-security recommendations, and discusses the prevailing views on each approach and its limitations. A role model is presented, together with its structure and potential scenarios for applying it in the development of individual projects. The capabilities of static and dynamic code analysis tools, supply chain protection and access control in DevSecOps processes are considered. Based on this analysis, the main problems are identified and examined, and recommendations for improving existing practice are proposed.

Keywords: 

information security, software development, security control, role-based models, vulnerabilities, security analysis, static code analysis, dynamic testing, access management, reliable systems. 

DOI 10.14357/20718632250311

EDN OYTOZQ

Pp. 123-132.
