Analysis of the Implementation of DevSecOps Policies and Technology towards Reducing the Number of Vulnerabilities in the Telecommunications Industry: Case Study of MyApps Application at PT XYZ

Dimas Prayogo
Universitas Indonesia
Kalamullah Ramli
Universitas Indonesia

The telecommunications industry needs to accelerate digitalization to compete in both national and international markets. To meet this challenge, the industry has begun to adopt a new approach to application development and deployment that uses cloud computing and agile methods. PT XYZ applies the DevSecOps approach so that each development cycle covers development speed, security, and operations in an integrated manner. However, in the early stages of implementing the DevSecOps policy, various vulnerabilities were found in the application under development, the MyApps application. This shows that a technology or early detection mechanism is needed to identify vulnerabilities before the application enters production. This study was therefore conducted with the aim of reducing the number of vulnerabilities in the MyApps application, thereby enabling safer and more efficient application development. The results show a reduction of 78.1% in vulnerabilities from SAST, 86.7% in vulnerabilities from container scans, and 83.6% in total vulnerabilities in the MyApps application, thus minimizing the risk of cyber attacks in the future.


Keywords: DevSecOps, Vulnerability, Agile, Cloud Computing