DevSecOps In Embedded Systems: An Empirical Study Of Past Literature

Over the last decade, DevSecOps principles have gained widespread acceptance, replacing many traditional approaches to software development. DevSecOps has helped developers shorten the overall software development life cycle, and as a result, decreased the time to market. Following the broad success of DevSecOps, the next logical progression is to apply DevSecOps principles to other fields to achieve similar results, such as embedded systems. While embedded systems practices may stand to benefit greatly from the inclusion of DevSecOps principles, the field offers many new and unique challenges that have not been faced with traditional software systems. Existing DevSecOps frameworks cannot simply be applied to embedded systems. It is necessary to adapt current DevSecOps frameworks specifically to embedded systems. This piece will first lay out current DevSecOps principles and their application to software systems. Then, an empirical examination of existing work on DevSecOps in embedded systems will be presented. The required components of a DevSecOps framework that have been excluded from previous research will be highlighted, and from this, future areas of research in DevSecOps for embedded systems will be presented. The goal of this work is to summarize and analyze the current state of knowledge on DevSecOps in embedded systems and outline a path for future research. • Computer systems organization → Embedded systems; Redundancy; Robotics; • Networks → Network reliability.