Usability Testing within a Devsecops Environment

Abstract

Software Development, Security, and Operations, or "DevSecOps", is a concept that has been implemented in the engineering domain to enable faster iteration release and increased fluidity with enhanced security. As iterations become smaller and more frequent, less risk is involved with each deployment. Reducing risk is a significant part of any engineering endeavor, particularly in the aviation domain. Of the fundamental DevSecOps elements, the meshing of teams enables more free-flowing communication. DevSecOps is also an ideal methodology for inviting change in how teams operate during product creation. A team’s interpretation of a product does not always align with the needs of end-users and their requirements. Formally bringing end-users into the feedback loop would be the logical step for amending this misalignment. One fundamental aspect is ensuring a vehicle exists to bring user feedback into the team's field of view. The solution to this is to integrate a formalized testing methodology that invokes this feedback from future users. An ideal method of accomplishing this is through a process called usability testing. This process involves inviting representative users to utilize major touchpoints and features, ensuring safety and effectivity. Usability testing is best performed "early and often" to allow corrective measures to be taken if needed. As the DevSecOps cycle is iterative in nature, this poses the ideal opportunity to include user-based testing, enabling user facing modifications to become more dynamically engineered and honed to the area of interest, while maintaining built-in security. By testing software and user-facing elements in multiple times within each release the team is afforded more granular insight into the holistic state of the product without negating security considerations.