Pentagon’s Enterprise DevSecOps Initiative Presents an Ambitious Model for the Future of Software

Nicolas Chaillan has his work cut out for him. His title alone—chief software officer for the Air Force—bears the weight of an entire concept, in which the talents of specialists in development, security and operations are fused to make and maintain sounder products faster, and his supervisors want him to produce 100,000 people from his mold within a year.


“I was the first chief software officer. I don't think there's any others yet,” Chaillan said. “When I first started, we had dozens of teams doing all that work in disparate and uncoordinated environments.” 


Chaillan is now also co-lead for the Defense Department’s Enterprise DevSecOps initiative. He spoke with Nextgov about the effort, which got its start back in August 2018 while he was at the Office of the Secretary of Defense for Acquisition and Sustainment.


In a traditional stepped “waterfall” model of software production and use, tasks associated with security and operations—such as testing and maintenance—are at the bottom end. The concept of DevSecOps puts them on an even plane with the design and coding phases of the process. With all these intrinsically linked activities happening at the same time, security experts can play a more proactive role.


It “could represent a sea change in how we do cybersecurity,” the National Institute of Standards and Technology’s Ron Ross told Nextgov. Ross, the computer scientist behind foundational NIST publications such as those containing the Risk Management Framework and the Federal Information Processing Standards, said NIST is in the early stages of creating a DevSecOps framework and expects to publish it as a draft special publication of guidance within the next 12 months.


Using the framework won’t be mandatory for federal agencies or their contractors, but Ross hopes the document will help broaden awa ..