The intersection between security and continuous software engineering has been of great interest since the early years of the agile development movement, and it remains relevant as software development processes are increasingly guided by agility and the adoption of DevOps. Several authors have contributed studies on the framing of secure agile development and secure DevOps, motivating academic contributions to methods and practices as well as discussions of benefits and challenges. The challenges in particular captured our interest, since for the last few years we have been conducting research on secure continuous software engineering from a more applied, practical perspective, with the overarching aim of introducing solutions that can be adopted at scale. This short position paper summarizes a relevant part of that work, in which we validated the challenges with several practitioners in different roles. Beyond framing a set of challenges, we conclude by presenting four key research directions that we identified for practitioners and researchers to delineate future work.