Abstract

Techniques are presented herein that shift the risk assessment focus during a software development process, away from the traditional end-of-process review (when a new feature is delivered, or an application is deployed) to earlier in the process when developers are actively at work. Such an approach allows a developer to assess the risk that a candidate software change is about to introduce prior to the developer committing that change, providing the developer with time (during the early portion of the process) to revisit the software and eliminate the identified risk. Aspects of the presented techniques leverage elements of a continuous integration (CI) and continuous deployment (CD) facility, the results that are available from existing unit and end-to-end tests, and the collection and analysis of OpenTelemetry (OTEL)-based metrics, events, logs, and traces (MELT) data to deliver security insights.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Recommended Citation

H Raithatha, Dhruv; Sivasubramanian, Girish; A Foley, John; Nadiminti, Chandra Mohan Babu; and Birdsall, Randy, "ASSESSING RISK INTRODUCED THROUGH A CODE CHANGE", Technical Disclosure Commons, (August 08, 2023)
https://www.tdcommons.org/dpubs_series/6126

Download

COinS

Technical Disclosure Commons

Defensive Publications Series

ASSESSING RISK INTRODUCED THROUGH A CODE CHANGE

Abstract

Creative Commons License

Recommended Citation

Browse

Search

Submit

Additional Information

Technical Disclosure Commons

Defensive Publications Series

ASSESSING RISK INTRODUCED THROUGH A CODE CHANGE

Inventor(s)

Abstract

Creative Commons License

Recommended Citation

Share

Browse

Search

Submit

Additional Information