Comparing DevSecOps and Systems Engineering Principles

Software developers and sustainers are seeing significant improvement by adopting Lean, Agile and DevSecOps iteration-based approaches. Now similar approaches are being proposed for more complex projects, including embedded software systems and software-driven systems of systems. These systems are generally developed with a strong systems engineering component. The interaction of these two disciplines is not well understood, and experience from early application suggests model clashes between them. In this blog post, I look at the underlying principles espoused by each of these disciplines.

Without some form of mitigation, these differences may elevate overall project risk and could prove a barrier to broader DevSecOps adoption in the U.S. Department of Defense (DoD). Mitigation of the clashes could enhance the success rate of DevSecOps adoption and support adjustments to both disciplines. However, mitigation requires understanding the sources of the clashes. Table 1 identifies some of the fundamental differences between systems engineering as generally practiced and systems engineering for evolving software engineering environments.

Due to the breadth of domains covered by both disciplines, I have gone back to the basic principles of each to better understand the model clashes. Systems engineering principles are generally less focused on activities than the lean, agile, and DevSecOps principles. I therefore present them first and then discuss the DevSecOps principles in terms of their interaction with the systems engineering principles and activities.

Systems Engineering Principles and Activities

The Systems Engineering Body of Knowledge (SEBoK) defines systems engineering as “a transdisciplinary approach and a means to characterize and manage the development of successful systems, where a successful system satisfies the needs of its customers, users, and other stakeholders. Systems engineering focuses on holistically and concurrently understanding stakeholder needs; exploring opportunities; documenting requirements; and synthesizing, verifying, validating, and evolving solutions while considering the complete problem, from system concept exploration through system disposal.” Table 2 shows some of the systems engineering processes that apply to DevSecOps

This article is purposely trimmed, please visit the source to read the full article.

The post Comparing DevSecOps and Systems Engineering Principles appeared first on Carnegie Mellon University's Software Engineering Institute Blog.

This post was originally published on this site