Segurança na cadeia de suprimentos internacional : protocolo de gestão de risco para o transporte marítimo de cargas less than container load

Bonatto, Heitor

January 2016

A gestão das ameaças e dos riscos nas empresas tem se dedicado a estudar estes problemas, pelo viés de mercado, com o intuito de torná-las mais preparadas para enfrentar estes desafios. Nesse sentido, uma série de instrumentos de análise diagnosticaram que as ameaças e os riscos fazem parte da natureza das relações empresariais. Dentre as inúmeras relações que uma empresa estabelece para atingir os seus objetivos, destacam-se as que estão inseridas em um sistema denominado “cadeia de suprimentos” que, em decorrência do processo de globalização tornou-se internacionalizada. As empresas, ao prolongarem suas cadeias de suprimentos “além fronteiras”, estão submetidas, às influências do ambiente econômico, geopolítico, social e histórico. Nesses ambientes, o ano de 2001 originou uma série de estudos de gestão de risco que identificaram, nas ameaças externas ou exógenas, isto é, as que estão fora do viés de mercado, a possibilidade de tornar a cadeia de suprimentos internacional insegura. Tais ameaças se configuram em ações da natureza e ações praticadas pelo ser humano, por meio de atos criminosos, como, o terrorismo, o tráfico, o contrabando e a pirataria marítima Além das empresas, os países criaram regimes internacionais que buscaram proteger as cadeias de suprimentos, principalmente, em seu sistema de transporte, destacando-se o modo chamado “marítimo”, em razão da sua intensa utilização para transportar cargas. O presente estudo tem como objetivo propor um protocolo de gestão de risco para o transporte marítimo de cargas “less than container load”, para tornar a cadeia de suprimentos internacional mais segura. A metodologia utilizada nesta pesquisa, foi descritiva e documental, já que descreveu o processo de operacionalização e baseou-se na análise dos documentos, utilizados na gestão do transporte marítimo “less than container load”. Conclui-se, assim, que o operador de transporte multimodal, como responsável por operacionalizar uma forma de transportar cargas, a qual torna a cadeia de suprimentos insegura, tem condições e, principalmente, o dever de juntar-se aos outros atores, em prol do aumento da segurança do sistema. / The management of threats and risks in the company has been dedicated to study these problems by market bias in order to make them better prepared to face these challenges. In this regard a number of analytical tools diagnosed threats and risks as part of the business relations. Among the many relationships that a company established to achieve their goals, we highlight those that are embedded in a system called the supply chain, which as a result of the globalization process has become internationalized. Companies to extend their supply chains "across borders", are subject to the influences of economic, geopolitical, social and historical environment. In these environments, the year 2001 led to a series of risk management studies that have identified the external or exogenous threats, those outside the market bias, the possibility of making the chain of uncertain international supplies. Such threats are configured shares of nature and actions taken by humans, by means of criminal acts as terrorism, trafficking, smuggling and maritime piracy In addition to companies, countries have created international regimes that sought to protect supply chains, especially in its transport system, highlighting the called maritime, because of their heavy use to transport cargo. The thesis aims to propose a risk management protocol for the shipping cargo "less than container load" to make the international supply chain more secure. The methodology used was based on descriptive type and documentary because described the operational process and analized documents used in the management of shipping “less than container load”, In conclusion, the multimodal transport operator who is responsible for operating a means of transporting cargo , which makes the supply chain insecure supplies, has conditions , and especially the obligation to join the other actors , in favor of the increase system security.

Logística

Transporte marítimo

Política marítima

Logistic

International supply chain security

World maritime industry

Maritime transport

Risk management

Transnational threats

Adaptive Beyond Von-Neumann Computing Devices and Reconfigurable Architectures for Edge Computing Applications

Hossain, Mousam

01 January 2024

The Von-Neumann bottleneck, a major challenge in computer architecture, results from significant data transfer delays between the processor and main memory. Crossbar arrays utilizing spin-based devices like Magnetoresistive Random Access Memory (MRAM) aim to overcome this bottleneck by offering advantages in area and performance, particularly for tasks requiring linear transformations. These arrays enable single-cycle and in-memory vector-matrix multiplication, reducing overheads, which is crucial for energy and area-constrained Internet of Things (IoT) sensors and embedded devices. This dissertation focuses on designing, implementing, and evaluating reconfigurable computation platforms that leverage MRAM-based crossbar arrays and analog computation to support deep learning and error resilience implementations. One key contribution is the investigation of Spin Torque Transfer MRAM (STT-MRAM) technology scaling trends, considering power dissipation, area, and process variation (PV) across different technology nodes. A predictive model for power estimation in hybrid CMOS/MTJ technology has been developed and validated, along with new metrics considering the Internet of Things (IoT) energy profile of various applications. The dissertation introduces the Spintronically Configurable Analog Processing in-memory Environment (SCAPE), integrating analog arithmetic, runtime reconfigurability, and non-volatile devices within a selectable 2-D topology of hybrid spin/CMOS devices. Simulation results show improvements in error rates, power consumption, and power-error-product metric for real-world applications like machine learning and compressive sensing, while assessing process variation impact. Additionally, it explores transportable approaches to more robust SCAPE implementations, including applying redundancy techniques for artificial neural network (ANN)-based digit recognition applications. Generic redundancy techniques are developed and applied to hybrid spin/CMOS-based ANNs, showcasing improved/comparable accuracy with smaller-sized networks. Furthermore, the dissertation examines hardware security considerations for emerging memristive device-based applications, discussing mitigation approaches against malicious manufacturing interventions. It also discusses reconfigurable computing for AI/ML applications based on state-of-the-art FPGAs, along with future directions in adaptive computing architectures for AI/ML at the edge of the network.

Computer and Systems Architecture

Computer Engineering

Supply Chain Security: Assessing Confidence in Food Defense Compliance as a Function of Management Systems 4.0 Deployment in Truck Transportation

Alvarado, Celso

01 January 2024

The secure transportation of food via trucks within the supply chain is a pivotal aspect of ensuring food safety and defense, necessitating the seamless integration of advanced security control processes and systems. This study primarily investigates how the integrated use of Industry 4.0 (4IR) technologies, such as AI, IoT, and Blockchain, alongside ISO standards like ISO 28001 and ISO 22000, in trucking management systems for food transport influences the confidence of supply chain professionals in ensuring that food products remain safe and untampered with during truck transportation. To ensure the robustness of our survey, a two-round Delphi study involving 10 experts in supply chain management was conducted to validate the survey questions concerning truck security in food transportation. Following this validation, the survey was disseminated across several LinkedIn groups focused on food safety, food transportation, and supply chain management. A total of 55 responses were collected and analyzed. The analysis revealed that seal integrity was considered the most critical aspect of truck security, followed by concerns regarding cabin weight changes and cabin temperature. Conversely, the accuracy of driver records and the number of stops were deemed less significant. These insights facilitated the development of a confidence assessment model, where the confidence rating ��=��(����)+��(������)+��(����)+��(����)+��(������), quantifies the impact of Legacy Controls (LC), Internet of Things (IoT), Artificial Intelligence (AI), Blockchain (BC), and ISO Standards (ISO) in enhancing the security of food transport. The study's findings provide a foundational framework and a critical tool for supply chain professionals, empowering them to make informed decisions on security measures and compliance strategies, thereby ensuring food safety. It also contributes to advancing management practices, integrating industrial engineering principles with emerging technologies, and deepening our understanding of their practical application in food transportation security.

Supply Chain Security

Food Defense Compliance

Management Systems 4.0

Truck Transportation

Industry 4.0 Technologies

IoT/AI/Blockchain Integration

<strong>Countermeasures for Preventing Malicious Infiltration on the Information Technology Supply Chain</strong>

Leah Michelle Roberts (15952769)

31 May 2023

<p>  </p> <p>Supply chain security continues to be an overlooked field with consequences that can disrupt industrial complexes, cause irreparable harm to critical infrastructure services, and bring unparalleled devastation to human lives. These risks, once constrained to physical tactics, have advanced to undetectable cyber strategies as in the case of the infamous third-party attacks on Target and SolarWinds (Wright, 2021). Moreover, no one sector appears to be immune, as a study by the Government Accountability Office (GAO) found that federal agencies also lag in complying with their own standards as published by the National Institute of Standards and Technology (NIST) (Eyadema, 2021).  Throughout this research study, malicious infiltrations propagated by nefarious actors were explored to identify countermeasures and best practices that can be deployed to protect organizations. Often, the lack of defense strategies is not from an absence of information, but from overly complex procedures and a lack of concise requirements. In a recent survey of Department of Defense (DoD) suppliers, 46% of respondents claimed that the supply chain requirements were too difficult to understand, thus reaffirming the importance of creating tools and techniques that are pragmatic and easily implementable (Boyd, 2020).</p> <p><br></p> <p>The research study presented offered notable safeguards through a literature review of prior studies, standards, and a document analysis of three prominent Information Technology (IT) companies who have made considerable advances in the field of IT supply chain. The results of the research led to the creation of the <em>Roberts Categorization Pyramid </em>which follows a zero-trust framework of “never trust, always verify” (Pavana & Prasad, 2022, p. 2). The pyramid is then further broken down into a formidable six-layer support structure consisting of governance, physical security, sourcing security, manufacturing, hardware security, and software security best practices. Finally, the importance of persistent vigilance throughout the life cycle of IT is highlighted through a continuous monitoring defense strategy layer that engulfs the entirety of the pyramid.  Through this compilation of pragmatic countermeasures, supply chain practitioners can become more informed, leading to more mindful decisions and protective requirements in future solicitations and supplier flow-downs. </p>

Supply chains

supply chain security

cyber supply chain

IT supply chain countermeasures

IT infiltration

zero trust

embedded hardware devices

malicious code

cyber

Cyber Supply Chain Security and the Swedish Security Protected Procurement with Security Protective Agreement

Dios Falk, Carina

January 2023

Digitalisation and globalisation are increasing the number of integrated and interconnected information technology (IT) systems worldwide. Consequently, these relationships and dependencies develop technological relationships through their services. Identifying all these relations is for organisations a challenge and complex since it involves millions of source code lines and global connections. For this reason, cyber supply chain risk management (C-SCRM) is becoming ever more critical for organisations to manage risks associated with information technology and operational technology (OT). At the same time, during a press conference, the Swedish Minister for Defense Peter Hultquist estimated that there are approx. 100.000 cyber activities against Swedish targets every year that targets both the Private and Public sector. In response to the evolving threat landscape, Sweden is experiencing a paradigm shift in protective security processes with new legislation entering into force that aims to protect Sweden's security against espionage, sabotage, terrorist offences and other crimes against national security. These rules on protective security, the Protective Security Act (2018:585) and Protective Security Ordinance (2021:955) apply to operators that are important for Sweden's national security and affect how public procurement processes are regulated. This thesis aims to study how the Swedish Security Protected Procurement with Security Protective Agreements (SUA) process and Cyber Supply Chain Risk Management (C-SCRM) relate and to understand what practices increase and decrease the level of C-SCRM in the current SUA process. The research questions are Q1) How does the SUA process relate to C-SCRM? and Q2) How does the SUA process affect the level of C-SCRM? This research paper contributes to understanding C-SCRM in the context of the Swedish Security Protected Procurement with Security Protective Agreements (SUA). To answer the research questions a Case study strategy was used, and interviews were conducted with eight key experts as well as a document analysis. The results showed that audit, regulation and people and processes are essential to managing C-SCRM and that processes within other international models, including the CMMC and Cyber Essential Plus, should be adopted to the SUA process to better manage cyber supply chain risks.

Cyber Security

Protective Security

Public Procurement

Cyber Supply Chain Security

Swedish National Security

Risk Management

Cyber Security Risk Management

NIST 800-161

ISO/IEC 27036

NISTIR 8276

Computer Sciences

Datavetenskap (datalogi)

Towards Understanding and Securing the OSS Supply Chain

Vu Duc, Ly

14 March 2022

Free and Open-Source Software (FOSS) has become an integral part of the software supply chain in the past decade. Various entities (automated tools and humans) are involved at different stages of the software supply chain. Some actions that occur in the chain may result in vulnerabilities or malicious code injected in a published artifact distributed in a package repository. At the end of the software supply chain, developers or end-users may consume the resulting artifacts altered in transit, including benign and malicious injection. This dissertation starts from the first link in the software supply chain, ‘developers’. Since many developers do not update their vulnerable software libraries, thus exposing the user of their code to security risks. To understand how they choose, manage and update the libraries, packages, and other Open-Source Software (OSS) that become the building blocks of companies’ completed products consumed by end-users, twenty-five semi-structured interviews were conducted with developers of both large and small-medium enterprises in nine countries. All interviews were transcribed, coded, and analyzed according to applied thematic analysis. Although there are many observations about developers’ attitudes on selecting dependencies for their projects, additional quantitative work is needed to validate whether behavior matches or whether there is a gap. Therefore, we provide an extensive empirical analysis of twelve quality and popularity factors that should explain the corresponding popularity (adoption) of PyPI packages was conducted using our tool called py2src. At the end of the software supply chain, software libraries (or packages) are usually downloaded directly from the package registries via package dependency management systems under the comfortable assumption that no discrepancies are introduced in the last mile between the source code and their respective packages. However, such discrepancies might be introduced by manual or automated build tools (e.g., metadata, Python bytecode files) or for evil purposes (malicious code injects). To identify differences between the published Python packages in PyPI and the source code stored on Github, we developed a new approach called LastPyMile . Our approach has been shown to be promising to integrate within the current package dependency management systems or company workflow for vetting packages at a minimal cost. With the ever-increasing numbers of software bugs and security vulnerabilities, the burden of secure software supply chain management on developers and project owners increases. Although automated program repair approaches promise to reduce the burden of bug-fixing tasks by suggesting likely correct patches for software bugs, little is known about the practical aspects of using APR tools, such as how long one should wait for a tool to generate a bug fix. To provide a realistic evaluation of five state-of-the-art APR tools, 221 bugs from 44 open-source Java projects were run within a reasonable developers’ time and effort.

The development of a criminological intervention model for the Rosslyn industrial environment in Tshwane, Gauteng, South Africa

Pretorius, William Lyon

02 1900

The problem investigated in this research is the ongoing crime threat and the extreme risks which impact negatively on the sustainability of the Rosslyn Industry - the industrial hub of Tshwane in the Gauteng Provence of South Africa. Businesses in Rosslyn are desperate for a solution that will mitigate these crime threats and risks, and ensure the future sustainability of this important industrial community. An intervention model is urgently required to prevent this type of crime, not only as a short term solution but as a sustainable long term intervention. This research study initiated the collaboration required for the successful implementation of a Crime Prevention Intervention Model (CPIM) in the Rosslyn industrial environment. The intended crime prevention model has been designed in such a way that it addresses the entire environment of crime that prevails in the Rosslyn area involving both the offender and the victim. This design is rooted in the ontology of Environmental Criminology and more specific on the applied epistemology of Crime Prevention Through Environmental Design (CPTED). Participants in this project are representatives who are responsible for all security functions in both big businesses and small enterprises. And with their dedicated assistance the research findings disclosed the current crime status of the Rosslyn environment regarding the threat, risk, security vulnerabilities, controls and needs: • Crime and its causal factors, in Rosslyn, are rife and no noteworthy action has been implemented to mitigate these threats. • Collaboration between Rosslyn role players (neighbours, local government and law enforcement) is for all purposes non-existent. • And to complicate matters even more, knowledge of how to effectively mitigate crime is limited and handicapped by the re-active physical security methods currently being used. • The implication of these findings is that the status quo will eventually render business in Rosslyn unsustainable. Thus a CPIM in Rosslyn is inevitable. What was crucial to this research and to the CTPED design is the detailed sourcing of accurate data addressing the experiences and the needs the respondents identified in the current Rosslyn crime situation concerning; status, the threat, risk, security, vulnerabilities and controls. In order to achieve this level of data sourcing and assimilation, the essential features of the research method were based on a mixed approach where quantitative and qualitative methods were implemented in parallel. The diverse fields, sources and respondent mix required for a Rosslyn Industry CPIM also necessitated a MIT (Multi,-Inter,-Trans,-Disciplinary) approach. This MIT requirement is successfully facilitated through the applied criminological CPTED approach. The CPIM is based on the combined outcomes of the following three research fields: • Field-one: Environmental criminology theories are researched through an in-depth literature review to demonstrate the criminological grounding of crime prevention and to guide its application through the development of an applied CPTED SUITE. • Field-two: Supply Chain Security (SCS) are researched through an in-depth literature review to establish its criminological relevance and applications. SCS requirements are identified and built into the Field-Three research process and tested for relevance and for incorporation in the CPTED SUITE. • Field-three: Based on a mixed research process, using a custom designed Criminological Risk Analyses tool incorporating scheduled interviews and questionnaires, the crime and needs profile of the Rosslyn Industry are uncovered and analysed. The results are filtered through the CPTED SUITE to indicate the correct criminological approach for mitigating the identified problems and needs. Even though this study takes an applied crime preventative approach, the criminological-philosophical mould of crime prevention is imperative for the effective application of the CPTED. Security and crime prevention training, planning and application, without this approach will remain underdeveloped and outdated. Finally the underlying intention of this research is for this Crime Prevention Intervention Model (CPIM) to be adapted and implemented and to serve as a guide or a benchmark for security practitioners in any industrial environment that has the same crime threats and crime risk challenges. / Criminology and Security Science / D. Litt. et Phil. (Criminology)

CPTED

Crime prevention

Crime prevention intervention model

Environmental criminology

Mix research

Multi-Inter-Trans-Disciplinary

Risk analysis

Rosslyn

Security applications

Supply chain security

364.22096822

Spatial analysis (Statistics)

Rosslyn (Pretoria, South Africa)

The development of a criminological intervention model for the Rosslyn industrial environment in Tshwane, Gauteng, South Africa

Pretorius, William Lyon

02 1900

The problem investigated in this research is the ongoing crime threat and the extreme risks which impact negatively on the sustainability of the Rosslyn Industry - the industrial hub of Tshwane in the Gauteng Provence of South Africa. Businesses in Rosslyn are desperate for a solution that will mitigate these crime threats and risks, and ensure the future sustainability of this important industrial community. An intervention model is urgently required to prevent this type of crime, not only as a short term solution but as a sustainable long term intervention. This research study initiated the collaboration required for the successful implementation of a Crime Prevention Intervention Model (CPIM) in the Rosslyn industrial environment. The intended crime prevention model has been designed in such a way that it addresses the entire environment of crime that prevails in the Rosslyn area involving both the offender and the victim. This design is rooted in the ontology of Environmental Criminology and more specific on the applied epistemology of Crime Prevention Through Environmental Design (CPTED). Participants in this project are representatives who are responsible for all security functions in both big businesses and small enterprises. And with their dedicated assistance the research findings disclosed the current crime status of the Rosslyn environment regarding the threat, risk, security vulnerabilities, controls and needs: • Crime and its causal factors, in Rosslyn, are rife and no noteworthy action has been implemented to mitigate these threats. • Collaboration between Rosslyn role players (neighbours, local government and law enforcement) is for all purposes non-existent. • And to complicate matters even more, knowledge of how to effectively mitigate crime is limited and handicapped by the re-active physical security methods currently being used. • The implication of these findings is that the status quo will eventually render business in Rosslyn unsustainable. Thus a CPIM in Rosslyn is inevitable. What was crucial to this research and to the CTPED design is the detailed sourcing of accurate data addressing the experiences and the needs the respondents identified in the current Rosslyn crime situation concerning; status, the threat, risk, security, vulnerabilities and controls. In order to achieve this level of data sourcing and assimilation, the essential features of the research method were based on a mixed approach where quantitative and qualitative methods were implemented in parallel. The diverse fields, sources and respondent mix required for a Rosslyn Industry CPIM also necessitated a MIT (Multi,-Inter,-Trans,-Disciplinary) approach. This MIT requirement is successfully facilitated through the applied criminological CPTED approach. The CPIM is based on the combined outcomes of the following three research fields: • Field-one: Environmental criminology theories are researched through an in-depth literature review to demonstrate the criminological grounding of crime prevention and to guide its application through the development of an applied CPTED SUITE. • Field-two: Supply Chain Security (SCS) are researched through an in-depth literature review to establish its criminological relevance and applications. SCS requirements are identified and built into the Field-Three research process and tested for relevance and for incorporation in the CPTED SUITE. • Field-three: Based on a mixed research process, using a custom designed Criminological Risk Analyses tool incorporating scheduled interviews and questionnaires, the crime and needs profile of the Rosslyn Industry are uncovered and analysed. The results are filtered through the CPTED SUITE to indicate the correct criminological approach for mitigating the identified problems and needs. Even though this study takes an applied crime preventative approach, the criminological-philosophical mould of crime prevention is imperative for the effective application of the CPTED. Security and crime prevention training, planning and application, without this approach will remain underdeveloped and outdated. Finally the underlying intention of this research is for this Crime Prevention Intervention Model (CPIM) to be adapted and implemented and to serve as a guide or a benchmark for security practitioners in any industrial environment that has the same crime threats and crime risk challenges. / Criminology and Security Science / D. Litt. et Phil. (Criminology)

CPTED

Crime prevention

Crime prevention intervention model

Environmental criminology

Mix research

Multi-Inter-Trans-Disciplinary

Risk analysis

Rosslyn

Security applications

Supply chain security

364.22096822

Spatial analysis (Statistics)

Rosslyn (Pretoria, South Africa)

<b>The Significance of Automating the Integration of Security and Infrastructure as Code in Software Development Life Cycle</b>

Hephzibah Adaeze Igwe (19213285)

28 July 2024

<p dir="ltr">The research focuses on integrating automation, specifically security and Infrastructure as Code (IaC), into the Software Development Life Cycle (SDLC). This integration aims to enhance the efficiency, quality, and security of software development processes. The study explores the benefits and challenges associated with implementing DevSecOps practices, which combine development, security, and operations into a unified process.</p><h3>Background and Motivation</h3><p dir="ltr">The rise of new technologies and increasing demand for high-quality software have made software development a crucial aspect of business operations. The SDLC is essential for ensuring that software meets user requirements and maintains high standards of quality and security. Security, in particular, has become a critical focus due to the growing threat of cyber-attacks and data breaches. By integrating security measures early in the development process, companies can better protect their software and data.</p><h3>Objectives</h3><p dir="ltr">The primary objectives of this research are:</p><ol><li><b>Examine the Benefits and Challenges</b>: To investigate the advantages and difficulties of integrating DevSecOps and IaC within the SDLC.</li><li><b>Analyze Impact on Security and Quality</b>: To assess how automation affects the security and quality of software developed through the SDLC.</li><li><b>Develop a Framework</b>: To create a comprehensive framework for integrating DevSecOps and IaC into the SDLC, thereby improving security and reducing time to market.</li></ol><h3>Methodology</h3><p dir="ltr">The research employs a mixed-methods approach, combining qualitative and quantitative methods:</p><ul><li><b>Qualitative</b>: A literature review of existing research on DevSecOps, IaC, and SDLC, providing a theoretical foundation and context.</li><li><b>Quantitative</b>: Building a CI/CD (Continuous Integration/Continuous Deployment) pipeline from scratch to collect empirical data. This pipeline serves as a case study to gather insights into how automation impacts software security and quality.</li></ul><h3>Tools and Technologies</h3><p dir="ltr">The study utilizes various tools, including:</p><ul><li><b>GitHub</b>: For version control and code repository management.</li><li><b>Jenkins</b>: To automate the CI/CD pipeline, including building, testing, and deploying applications.</li><li><b>SonarQube</b>: For static code analysis, detecting code quality issues, and security vulnerabilities.</li><li><b>Amazon Q</b>: An AI-driven tool used for code generation and security scanning.</li><li><b>OWASP Dependency-Check</b>: To identify vulnerabilities in project dependencies.</li><li><b>Prometheus and Grafana</b>: For monitoring and collecting metrics.</li><li><b>Terraform</b>: For defining and deploying infrastructure components as code.</li></ul><h3>Key Findings</h3><ul><li><b>Reduction in Defect Density</b>: Automation significantly reduced defect density, indicating fewer bugs and higher code quality.</li><li><b>Increase in Code Coverage</b>: More comprehensive testing, leading to improved software reliability.</li><li><b>Reduction in MTTR, MTTD, and MTTF</b>: Enhanced system reliability and efficiency, with faster detection and resolution of issues.</li><li><b>Improved System Performance</b>: Better performance metrics, such as reduced response time and increased throughput.</li></ul><h3>Conclusion</h3><p dir="ltr">The study concludes that integrating security and IaC automation into the SDLC is crucial for improving software quality, security, and development efficiency. However, despite the clear benefits, many companies are hesitant to adopt these practices due to perceived challenges, such as the upfront investment, complexity of implementation, and concerns about ROI (Return on Investment). The research underscores the need for continued innovation and adaptation in software development practices to meet the evolving demands of the technological landscape.</p><h3>Areas for Further Research</h3><p dir="ltr">Future studies could explore the broader impact of automation on developer productivity, job satisfaction, and long-term security practices. There is also potential for developing advanced security analysis techniques using machine learning and artificial intelligence, as well as investigating the integration of security and compliance practices within automated SDLC frameworks.</p>

Technology management

Cloud computing

Automated software engineering

Automation

SDLC

Software Development Life Cycle

DevSecOps

Iac

Infrastructure as Code

CI/CD

Code Quality

Static Code Analysis

ML

Vulnerability Management

Security

AI

Machine Learning

Artificial Intelligence

Supply Chain Security

Job Satisfaction

Developer Productivity