Cybersecurity and DOD System Development: A Survey of DOD Adoption of Best DevSecOps Practice

DOD is moving from the Waterfall Model of software development to modern methods such as Agile, DevOps and especially DevSecOps, which emphasizes considering cybersecurity early. In 2020, the Office of the Under Secretary of Defense for Research and Engineering (OUSD/R&E) tasked the Institute for Defense Analyses to study DOD organizations practicing DevSecOps and other non-Waterfall methodologies to capture their successes and failures, to report actions organizations should take to adopt DevSecOps, and to recommend DOD-wide actions to promote DevSecOps practice. IDA developed and distributed a survey, received 18 responses, and conducted follow-up telephone interviews.