Exploring the Socio-Technical Issues of MLOps

Speaker: Professor Debi Ashenden

New technology has the potential deliver a step change for defence and national security, but it comes with threats as well as opportunities. The successful delivery of such technology will depend as much on the socio-technical issues around the design, development, and deployment of software as it will on the technology itself. Modern software development processes such as DevSecOps take advantage of tools and processes that facilitate agile ways of working, continuous integration and delivery, and the development of secure code. But to be effective DevSecOps also requires trust and a change in culture. This talk charts previous research that has explored the social practice of software developers to better understand how fracture points in their relationships with cyber security practitioners can impact security risk. When a DevSecOps project succeeds it is because working relationships between security and software development activities are underpinned by mutual trust. When trust is lacking the process suffers: software developers and security practitioners don’t engage early enough, insufficient time is available to implement security, and an incomplete view is formed of security risks. MLOps adds to the complexity of security issues in DevSecOps as data scientists interact with the software development process. This talk outlines research that aims to better understand the social practice of data scientists in the MLOps process. Understanding these social practices will help us identify potential vulnerabilities in MLOps that could lead to an increase in cyber security risk.