The Defense Department won’t see the return on investment DevSecOps systems development practices can provide without cultural and procedural shifts, according to DOD officials.
Katie Arrington, chief information security officer for DOD’s acquisition office, said DOD has more work to do on changing workforce culture within the Pentagon around DevSecOps. DevSecOps is not just the latest in a long line of buzzwords—from waterfall to agile to DevOps—but a priority, according to Arrington.
“You think about long-term sustainability, if we don't start to really emphasize DevSecOps as we go forward and build on the good work that has been done, we'll never see the actual return on investment in the life cycle that we need,” Arrington said at a webinar hosted by AFCEA International’s SIGNAL Magazine Wednesday.
Arrington added the department needs to educate the workforce around what DevSecOps means for them. She wants the workforce to understand that DevSecOps is not something that will replace jobs, but enhance the work they are currently doing.
The DevSecOps methodology requires implementation of security protocols at every iteration of the development cycle. The result is more comprehensive security at speeds needed to stay ahead of adversaries looking to exploit vulnerabilities. Platform One, originally an Air Force project, is DOD’s flagship DevSecOps initiative.
In order to use DevSecOps more widely across DOD components, contracting procedures have to adapt. Arrington touted DOD’s new Adaptive Acquisition Framework as key to enabling adoption of DevSecOps. The framework, which has a dedicated software pathway, is a signal that DOD is committed to “baking in” security at every step of the process, according to Arrington.
Defense Undersecretary for Acquisition and Sustainment Ellen Lord offic ..
Support the originator by clicking the read the rest link below.
