DevSecOps in robotics, the intersection of quality and security

A bit theoretical, but here’s an attempt to get some of your input on the DevSecOps cycle (particularized for robotics):

We’ve recently been touching into how to add security to the development and operations cycle of roboticists (DevSecOps). The main objective of our work is to answer the following question: how do we integrate both security and quality in the robotics development cycle?

We launched a blog post summarizing our work so far. The technical report is also available here. Briefly, this first release provides a discussion of the current state (from a theoretical perspective; future efforts will extend it), depicts a flow for secure development in robotics, and puts together a series of recommendations and common practices from the literature.

To fully implement this DevSecOps cycle, while developing, we are currently collecting input and evaluating different tools (some of which we pointed out a while ago here). We’d appreciate community input in the following aspects:

  • What’s your view on the intersection of quality and security? (See section 3 of our technical report for more background on our view; disagreements especially encouraged.)
  • Which tools do you use (or would you use) for static analysis? And for dynamic analysis?
  • Which tools and practices do you employ to manage flaws and prioritize them?
  • Which monitoring tools do you use in your robotic applications? And which ones for analysis of data?