Date of Award
Summer 5-2025
Document Type
Dissertation
Degree Name
Doctor of Philosophy in Cyber Defense (PhDCD)
First Advisor
John Hastings
Second Advisor
Chad Fenner
Third Advisor
Ahmed Khandaker
Abstract
This research evaluates the adoption of DevSecOps among small- to medium-sized enterprises (SMEs), identifying key challenges, best practices, and future trends. Through a mixed-methods approach backed by the Technology Acceptance Model (TAM) and Diffusion of Innovations (DOI) theory, we analyzed survey data from 405 SME professionals, revealing that while 68% have implemented DevSecOps, adoption is hindered by technical complexity (41%), resource constraints (35%), and cultural resistance (38%). Despite strong leadership prioritization of security (73%), automation gaps persist, with only 12% of organizations performing security scans per commit.
Our findings highlight a growing integration of security tools, particularly API security (63%), software composition analysis (62%), static application security testing (SAST) (60%), and infrastructure as code (IaC) security (59%), although container security adoption remains low (34%). Looking ahead, SMEs anticipate artificial intelligence and machine learning to significantly influence DevSecOps, highlighting the need for proactive adoption of AI-driven security enhancements. Based on our findings, this research proposes strategic best practices to enhance Continuous Integration and Continuous Delivery (CI/CD) pipeline security, including automation, leadership-driven security culture, and cross-team collaboration. This research bridges theory and practice, offering actionable recommendations to empower SMEs in building resilient cybersecurity ecosystems.
Recommended Citation
Cheenepalli, Jayaprakash Reddy, "Evaluating and Proposing the Best Practices for DevSecOps: A Research-Based Analysis" (2025). Masters Theses & Doctoral Dissertations. 507.
https://scholar.dsu.edu/theses/507