Software factories are increasingly in vogue at federal agencies. Rather than setting up individual DevSecOps programs, these factories are allowing agencies to put...
The software factory is not a new concept for many federal agencies, but the rapid growth of these agile development units in recent years is hard to overstate.
The Air Force broke ground with its “Kessel Run” DevSecOps unit in 2018. Now, the Pentagon has at least 29 software factories spread out across the military services and fourth estate, according to a Defense Department software modernization strategy released last year.
And they’re popping up on the civilian side of government as well, with software factories in place at the U.S. Patent and Trademark Office and the Department of Veterans Affairs.
Lorraine Landfried, senior vice president in the civil sector at Booz Allen Hamilton, said software factories represent “the next evolutionary step” agencies are taking in software.
“As we’re moving away from looking at just individual systems or projects, and taking more of a product line and portfolio approach, a software factory is a natural complement to that, because it gives you a common set of tools and processes that can be used by multiple development teams that are solving similar product problems,” Landfried said.
The factory approach is a combination of “people, processes and tools,” she said.
“It lets us put more accelerators, and more powerful tools in place, things like test automation, developer self-service types of tools, all the way to the other end with validation of security controls,” Landfried said. “You get all of that done consistently, more affordably and more reliably.”
The approach may change how agency chief information officers and IT teams approach their technology stack. Instead of organizing development teams and resources around each specific program or set of requirements at an agency, Landfried said agencies are starting to design their factories around broader mission and product lines.
“It just to be used by one development team to solve one problem, but really opening the aperture of, ‘How are we going to onboard other products into this and really pivot from being a purpose-built DevSecOps pipeline to being something that can be shared across products, or even at an enterprise level?’” Landfried said.
Meanwhile, software security considerations are becoming increasingly important at federal agencies. President Joe Biden’s May 2021 cybersecurity executive order directed agencies to adopt secure software development practices.
The National Institute of Standards and Technology has since published a secure software development framework, and last September, the White House Office of Management and Budget issued new guidance for agencies to obtain secure software attestations from vendors.
With cybersecurity and supply chain security requirements on the rise, Landfried said agencies are building repeatable security processes into their software factories as well.
“You’re going to get logs created a certain way, you’re going to have those logs connected to enterprise monitoring,” she said. “You can start putting machine learning tools on top of those. And you’re not having to go and retrofit every application that you have. As applications come into the factory, that uniformity allows you to put yourself in a much better security posture.”
Copyright © 2024 Federal News Network. All rights reserved.
Senior Vice President, Civil Sector, Booz Allen Hamilton
Reporter, Federal News Network
Justin Doubleday is a defense and cybersecurity reporter for Federal News Network. He previously covered the Pentagon for Inside Defense, where he reported on emerging technologies, cyber and supply chain security. Justin is a 2013 graduate of the University of New Hampshire, where he received his B.A. in English/Journalism.