Financial technology (FinTech) has developed rapidly in recent years and has had a structural impact on the financial industry, making information security one of the key issues in FinTech development. In developing FinTech, financial institutions face both the increasing speed and frequency of external cyberattacks and the complexity of FinTech itself, so they can no longer rely on traditional software development processes and information security standards to address the risks that FinTech brings.
DevOps and DevSecOps are among the software development methods advocated by the industry in recent years. DevOps emphasizes automating the software delivery process so that organizations can release software faster, and DevSecOps is a new security concept and model that extends the DevOps approach. This research uses the case study method to analyze the problems and bottlenecks the case company encountered in FinTech development, and explores how DevSecOps can be used to develop a software development model suited to FinTech.
Finally, this study applies the Three Ways of DevOps to propose measures that address the speed bottleneck the case company encounters in its software development process. It recommends that the company conduct security testing at every stage of the software delivery process and integrate that testing with continuous integration and continuous delivery, achieving the rapid, secure software delivery that DevSecOps advocates.