Air Force Chief of Staff Gen. Charles Q. Brown, Jr., right, looks on as Staff Sgt. David Ahn, Kessel Run 3D program manager, demonstrates how to fix code in minutes rather than days. Kessel Run is one of the Defense Department's software factories.

Apr 29 2022

How Software Factories Help the DOD Scale DevSecOps

Quick delivery of new tools improves the Defense Department’s ability to fulfill its mission.

Looking for more competitive advantages against adversaries, the Department of Defense is attempting to speed up the time it takes to deliver new software — from years to just minutes.

As part of the department’s new , DOD plans to establish a departmentwide software “factory” that will deliver new capabilities to its branches at what it calls the “speed of relevance.”

“The department’s adaptability increasingly relies on software,” Deputy Defense Secretary Kathleen Hicks said in a memo Feb. 1, “The ability to securely and rapidly deliver resilient software capability is a competitive advantage that will define future conflicts.”

“Software touches every part of our lives today, and it also touches the warfighter as the modern battlefield has become a software-defined environment,” DOD Chief Software Officer Jason Weiss said at a February media briefing.

“The ability to quickly deliver the resilient software at the speed of relevance, whether through reuse, acquisition or custom development, must also become so prevalent that it’s part of our DNA and it’s inextricably part of that DNA,” he added.

Click the banner to become an Insider and get access to customized federal IT content.

What Is the DOD’s Software Modernization Strategy?

The DOD Software Modernization Strategy is a part of the agency’s Digital Modernization Strategy for fiscal years 2019–2023; it builds upon and supersedes the 2018 DOD Cloud Strategy.

The new software modernization strategy includes three goals:

  • Accelerate the DOD enterprise cloud environment. To do this, DOD will continue to move data to the cloud, use automation to speed up cloud adoption and prepare its IT infrastructure outside the U.S. mainland (a region also known as OCONUS) for migration to the cloud.
  • Transform processes to enable resilience and speed. This will involve more agile acquisition, more involvement of the broader workforce beyond IT experts, the use of commercial off-the-shelf software for better efficiency and more incentives to use enterprise services.
  • Establish a departmentwide software factory ecosystem.

What Is a Software Factory?

In a software factory environment, developers, users and management work together daily to create and assemble software tools. Automated building and testing uncovers issues with the software product quickly, and developers can resolve them equally quickly without slowing the process.

The environment supports multitenancy, another aspect that helps move software along in a timely manner. But to get the full benefit of a software factory’s capabilities, technology and process must converge seamlessly, and the multiple tenants must remain separate.

DOD has built a few software factories in the past several years. The Air Force’s Cloud One provides cloud computing services; its Kessel Run builds cloud-based warfighting software. The Navy’s Black Pearl, which defines itself as a “software service,” provides a Platform as a Service baseline and a DevSecOps platform that can be the foundation for other software factories.

Still, says Danielle Metz, DOD’s deputy CIO for information enterprise, these are the exception, not the rule. The new modernization strategy and its focus on software factories will enable the department to develop a wider environment where they can thrive.

“The idea of doing software modernization in DevSecOps is nothing new,” she said in a February media briefing. “What we really wanted to be able to do was to elevate that mindset across the board, so that it could be a department endeavor and not just pockets of excellence.

“We really wanted to be able to democratize exceptionalism, and that's taking us to the next level,” she added. “It’s not just a back-office function; it truly is something that allows us to be able to execute our mission.”

While DOD has enhanced its focus on software factories, the department is following in the footsteps of the private sector, which originated the concept, says Jason Anderson, strategic solutions architect for Red Hat.

Although software factories build nearly invisible products, Anderson says, they are little different from factories that build and package tangible items such as cars or potato chips.

The most successful ones, he said, have a limited scope, allowing them to operate at scale. “You can do a little bit very well, or do a lot mediocre,” he says.

How Do Software Factories Within the DOD Operate?

Kessel Run was DOD’s first software factory. The department now owns or operates 29 of them, all supporting different services. Not all of them operate under a continuous authorization to operate, however, Weiss says, and that may mean some adaptations in best practices down the line.

Platform One, a DOD DevSecOps enterprise services team, provides tools for users who want to develop software factories and also manages Air Force factories including Kessel Run, Kobayashi Maru, Space CAMP and Unified Platform.

“Do we need every single software factory to go out there and procure and manage and operate their own source code repository?” Weiss said. “I think those are examples of where we can actually start to see economies of scale, in terms of both operational capacity and cost productions for the department across these software factories.”

DevOps is, at its core, the delivery of better and faster software that brings value to the user, says Red Hat’s Anderson. “If they do not use it, it’s not valuable,” he says. “If it’s difficult to use, it’s not valuable.”

DIVE DEEPER: Learn how Air Force CIO Lauren Knausenberger wants her service to become more agile.

How Can Software Factories Help the DOD Adopt DevOps and DevSecOps?

The new Software Modernization Strategy tasks a senior steering group with delivering an implantation plan within 180 days and overseeing enterprisewide progress.

The plan requires DOD to create a software factory ecosystem that includes existing investments such as Platform One and also enables the system to scale so that it can allow cross-service use. It asks that the department use enterprise providers to help scale the factories, minimize duplication of efforts and efficiently onboard customers.

“By leveraging and reusing some of the capabilities in these existing software factories, there’s going to be a cost savings that could potentially be realized by these programs,” Metz says.

“We’ve had this community of practice for almost two years, and now we’re marrying up that organic groundswell of people who want to do good with the strategic vision of the department — and now there’s no stopping us,” she adds.

Todd Moki/U.S. Air Force

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT