DevSecOps Platform-Independent Model

2022

Due to their unique software system capability requirements, many organizations in highly regulated environments face challenges implementing DevSecOps while ensuring that adversaries cannot abuse weaknesses in the pipeline. Enter the SEI’s DevSecOps Platform-Independent Model (PIM), which uses a model-based systems engineering (MBSE) approach to formalize the requirements, capabilities, and maturity of DevSecOps and provide relevant guidance. This first-of-its-kind model gives software development organizations the structure and articulation needed for creating, maintaining, securing, and improving their DevSecOps posture.

The SEI PIM helps organizations visualize their pipeline infrastructure, decide how to structure the planning process, and ensure that the pipeline and its associated products are implemented in a secure, safe, and sustainable way. By highlighting their unique strengths and weaknesses, the SEI PIM provides a framework for organizations to recognize appropriate DevSecOps elements in their software development lifecycle, empowering them to choose a customized path to achieve their goals.

The PIM helps organizations improve cybersecurity, providing analysts with a minimum set of MBSE tools to assist with threat identification, analysis, documentation, and subsequent mitigations. The PIM has become a foundational component of SEI DevSecOps-based activities, serving as a reference model for assessments and creating software development documentation. The SEI PIM is free on the SEI’s GitHub site.
