Enhancing Secure Software Development with AZTRM-D: An AI-Integrated Approach Combining DevSecOps, Risk Management, and Zero Trust
This paper introduces the Automated Zero Trust Risk Management with DevSecOps Integration (AZTRM-D) framework, a novel approach that embeds security throughout the entire Secure Software and System Development Life Cycle (S-SDLC). AZTRM-D strategically unifies three established methodologies: DevSec...
| Main Authors: | Ian Coston, Karl David Hezel, Eadan Plotnizky, Mehrdad Nojoumian |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | MDPI AG 2025-07-01 |
| Series: | Applied Sciences |
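| Subjects: | DevSecOps; NIST Risk Management Framework (RMF); NIST Zero Trust (ZT); Artificial Intelligence (AI); Secure Software and System Development Life Cycle (S-SDLC); Automated Zero Trust Risk Management with DevSecOps Integration (AZTRM-D) |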
| Online Access: | https://www.mdpi.com/2076-3417/15/15/8163 |
| _version_ | 1849407550732107776 |
|---|---|
| author | Ian Coston; Karl David Hezel; Eadan Plotnizky; Mehrdad Nojoumian |
| collection | DOAJ |
| description | This paper introduces the Automated Zero Trust Risk Management with DevSecOps Integration (AZTRM-D) framework, a novel approach that embeds security throughout the entire Secure Software and System Development Life Cycle (S-SDLC). AZTRM-D strategically unifies three established methodologies: DevSecOps practices, the NIST Risk Management Framework (RMF), and the Zero Trust (ZT) model. It then significantly augments their capabilities through the pervasive application of Artificial Intelligence (AI). This integration shifts traditional, often fragmented, security paradigms towards a proactive, automated, and continuously adaptive security posture. AI serves as the foundational enabler, providing real-time threat intelligence, automating critical security controls, facilitating continuous vulnerability detection, and enabling dynamic policy enforcement from initial code development through operational deployment. By automating key security functions and providing continuous oversight, AZTRM-D enhances risk mitigation, reduces vulnerabilities, streamlines compliance, and significantly strengthens the overall security posture of software systems, thereby addressing the complexities of modern cyber threats and accelerating the delivery of secure software. |
| format | Article |
| id | doaj-art-2cab37d28eb2446f9b6581a29d9eb44f |
| institution | Kabale University |
| issn | 2076-3417 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj-art-2cab37d28eb2446f9b6581a29d9eb44f; 2025-08-20T03:36:02Z; eng; MDPI AG; Applied Sciences; 2076-3417; 2025-07-01; 15(15), 8163; 10.3390/app15158163; Ian Coston, Karl David Hezel, Eadan Plotnizky, Mehrdad Nojoumian (all: Department of Electrical Engineering and Computer Science, Florida Atlantic University, 777 Glades Road, Boca Raton, FL 33431, USA); https://www.mdpi.com/2076-3417/15/15/8163 |
| title | Enhancing Secure Software Development with AZTRM-D: An AI-Integrated Approach Combining DevSecOps, Risk Management, and Zero Trust |
| topic | DevSecOps; NIST Risk Management Framework (RMF); NIST Zero Trust (ZT); Artificial Intelligence (AI); Secure Software and System Development Life Cycle (S-SDLC); Automated Zero Trust Risk Management with DevSecOps Integration (AZTRM-D) |
| url | https://www.mdpi.com/2076-3417/15/15/8163 |