References & Citations
Computer Science > Software Engineering
Title: An Empirical Study of Security Practices for Microservices Systems
(Submitted on 30 Dec 2021 (v1), last revised 18 Nov 2022 (this version, v4))
Abstract: Despite the numerous benefits of microservices systems, security has been a critical issue in such systems. Several factors explain this difficulty, including a knowledge gap among microservices practitioners on properly securing a microservices system. To (partially) bridge this gap, we conducted an empirical study. We first manually analyzed 861 microservices security points, including 567 issues, 9 documents, and 3 wiki pages from 10 GitHub open-source microservices systems and 306 Stack Overflow posts concerning security in microservices systems. In this study, a microservices security point is referred to as "a GitHub issue, a Stack Overflow post, a document, or a wiki page that entails 5 or more microservices security paragraphs". Our analysis led to a catalog of 28 microservices security practices. We then ran a survey with 74 microservices practitioners to evaluate the usefulness of these 28 practices. Our findings demonstrate that the survey respondents affirmed the usefulness of the 28 practices. We believe that the catalog of microservices security practices can serve as a valuable resource for microservices practitioners to more effectively address security issues in microservices systems. It can also inform the research community of the required or less explored areas to develop microservices-specific security practices and tools.
Submission history
From: Peng Liang [view email][v1] Thu, 30 Dec 2021 05:04:04 GMT (2280kb,D)
[v2] Wed, 22 Jun 2022 03:46:07 GMT (2275kb,D)
[v3] Thu, 29 Sep 2022 00:20:55 GMT (1580kb,D)
[v4] Fri, 18 Nov 2022 12:00:35 GMT (1580kb,D)
Link back to: arXiv, form interface, contact.