The aim of creating a threat matrix for DevOps is to establish a thorough repository of information that security personnel can utilize to monitor and establish countermeasures against pertinent attack strategies.
Leveraging the MITRE ATT&CK framework as a foundation, Microsoft aggregated methods and vectors of attack linked with DevOps infrastructures and constructed a specialized matrix designed specifically for DevOps attack tactics.
To fully understand the tactics outlined in this matrix, one must approach them from a DevOps perspective. It's important to note that the methods used for executing code in a Virtual Machine running Windows or Linux OS differ from those used in a DevOps pipeline. Specifically, when it comes to Linux, execution refers to running code within the operating system itself.
Post A Comment:
0 comments: