Cybersecurity and DOD System Development: A Survey of DOD Adoption of Best DevSecOps Practice

September, 2021
IDA document: P-22749
FFRDC: Systems and Analyses Center
Type: Documents
Division: System Evaluation Division
Authors:
Authors
Rachel K. de Naray, G. Lee Kennedy, Ryan R. Wagner, Steven P. Wartik See more authors
DOD is moving from the Waterfall Model of software development to modern methods such as Agile, DevOps and especially DevSecOps, which emphasizes considering cybersecurity early. In 2020, the Office of the Under Secretary of Defense for Research and Engineering (OUSD/R&E) tasked the Institute for Defense Analyses to study DOD organizations practicing DevSecOps and other non-Waterfall methodologies to capture their successes and failures, to report actions organizations should take to adopt DevSecOps, and to recommend DOD-wide actions to promote DevSecOps practice. IDA developed and distributed a survey, received 18 responses, and conducted follow-up telephone interviews.