DevSecOps in Fintech: A Maturity Model for Integrating Security into the AI-Driven SDLC
DOI: https://doi.org/10.69987/JACS.2023.30805
Keywords: DevSecOps in Fintech, Financial Technology, DSOMM, Artificial Intelligence
Abstract
The financial technology (fintech) industry operates under a dual imperative: the need for rapid innovation to remain competitive and the non-negotiable requirement for robust security to protect high-value assets and comply with stringent regulations. Traditional, siloed security models fail to meet both demands at once. This paper argues that the unique risk profile of fintech necessitates a specialized DevSecOps maturity model. We introduce the Fintech DevSecOps Maturity Model (Fin-DSOMM), a four-level framework adapted from the Open Web Application Security Project (OWASP) DevSecOps Maturity Model (DSOMM). Unlike generic models, the Fin-DSOMM prioritizes compliance-as-code and proactive threat modeling at the early maturity levels rather than deferring them to later ones. It further posits that Artificial Intelligence (AI) is a critical accelerant, enabling organizations to progress from a reactive, automation-driven security posture to a predictive and adaptive one. This paper outlines the structure of the Fin-DSOMM, details the role of AI in enhancing each maturity level, and provides a strategic roadmap for fintech organizations to build secure, compliant, and agile software development lifecycles.