Tech. Sgt. Kevin Leal, 19th Aircraft Maintenance Squadron aerospace maintenance noncommissioned officer in charge, left, and Master Sgt. Jose Piedra, 19th AMXS section chief review a tablet featuring Torque personnel management data. Torque is an aircraft maintenance scheduling tool that was created by the U.S. Air Force’s product development and programming team, Kessel Run.

May 09 2022

Software Factories for the Military Scale DevSecOps

Military branches are embracing software factories as part of a departmentwide modernization strategy.

The Pentagon is retooling its software acquisition process from the ground up. After decades of purchasing specialized code through contractors who often delivered products late and of low quality, the Department of Defense is embarking on a new internal software factory model.

In February, the DOD released a software modernization strategy that lays out the framework. Based in the service branches, a software factory is a “software assembly plant for development and integration that contains multiple pipelines, equipped with a set of tools, process workflows, scripts and environments, to produce a set of software-deployable artifacts with minimal human intervention.”

The approach is rooted in the agile and DevOps software models that connect the development team with operational end users. It’s a continuous loop of planning, writing, testing, deploying, operating and monitoring new software.

Click on the banner to learn how to become an Insider.

Gone are the days of “waterfall” development, where software floated downstream from a room full of code jockeys to users who received applications that were often obsolete by the time they arrived.

The new software factories are instead “really comprehensive platforms for next-generation IT systems — weapons systems, artificial intelligence environments that allow us to continually update capabilities,” says Robert Vietmeyer, director for cloud and software modernization for the Pentagon’s CIO office.

Vietmeyer explains that the Pentagon formerly made software vendors gamble on the delivery of end products.

“But that didn’t really outsource risk,” he says. “It’s a failed notion. We really need to be much more involved, from early development to deployment.”

There are about 30 software factories across the military services, according to Vietmeyer. All are under DOD operational control, and most are funded through branch budgets.

DIVE DEEPER: How do software factories help the DOD scale DevSecOps?

What Is the Air Force’s Platform One?

Platform One, or P1, is composed of active duty Air Force military personnel, government civilian employees and contractors, with approximately 220 individuals in total. It merges top talent from across the Air Force’s software development shops, including Kessel Run, Kobayashi Maru, SpaceCAMP and the Unified Platform.

“P1 provides modern, secure, software development, security and operations (DevSecOps) tools and environments that help organizations focus their efforts on building, running and continuously improving their software applications,” says Lt. Col. Brian Viola, materiel leader for Platform One.

“By building and operating on top of a common, secure foundation provided by Platform One, organizations avoid the time and cost of replicating all the resources needed to provide the same level of features and security.”

The cloud-based factory provides tooling, hosts continuous integration/continuous delivery DevSecOps pipelines, and offers a secure Kubernetes platform for hosting microservices.

It also created the Iron Bank repository of digitally signed container images, including open-source and commercial off-the-shelf software, hardened to DOD specifications. Iron Bank containers are shared across the military services.


The approximate number of software factories across the Department of Defense

Source: Department of Defense

What Is the Army’s Coding Resources and Transformation Ecosystem? 

The Army’s software factory, Code Resource and Transformation Environment (CReATE), is designed to help its software teams get secure, resilient and scalable applications to end users fast. It includes a suite of DevSecOps tools, services and production pipelines to enable cloud-native software development.

“The Army Software Factory is the first within the Army, focused on upskilling soldiers so they can build and deliver software capabilities for the force,” says Hannah Hunt, chief product and innovation officer for the effort. “Our application teams leverage the CReATE platform for all their development, testing and production” needs.

Hunt explains there are other government-led or soldier-led software efforts in the Army, “but the software factory is poised to support the future fight in 2030 and beyond by prototyping a future force design that enables soldier application teams at the edge.” 

The factory is focused on three primary portfolios: people, maintenance/logistics and tactical operations. It’s currently developing 10 applications with the first two areas, and there are plans to start development of four more applications in the June timeframe, says Hunt.

“We have eight applications in production, with our flagship focused on the This Is My Squad (TIMS) effort led by the Sergeant Major of the Army. MySquad enables squad leaders to have better oversight of their squads and schedule tasks and appointments on soldiers’ personal devices,” she says.

The factory has also developed a digital preventive maintenance checks and services (PMCS) software application that allows soldiers to access technical manuals on their phones and tablets.

Hannah Hunt.jpeg
The software factory is poised to support the future fight in 2030 and beyond.”

Hannah Hunt Chief Product and Innovation Officer, Army Software Factory

What Is the Navy’s Overmatch Software Armory?

The Navy has been circumspect about this classified program and limited official information exists. According to Amazon Web Services, which is a partner, “Project Overmatch is a multi-command effort aimed at enabling Navy and Marine Corps platforms and capabilities, delivering synchronized lethal and non-lethal effects from near-and-far, every axis and every domain.”

Central to Project Overmatch is the development of networks, infrastructure, data architecture, tools and analytics that support the operational and developmental environment to sustain maritime dominance using manned and unmanned systems, says AWS.

The Overmatch Software Armory is a cloud-based digital environment that uses DevSecOps principles to bring rapid delivery of software capability to the fleet.

More than 100 people are involved in the effort, says Rick Jack, Overmatch infrastructure pillar lead.

“The strategic goal is to ensure parity between ops and development,” he says. “Now, software thrown over the fence causes a lot of delays and retests.” The central mission is to get data to the warfighter to help make informed decisions.

What Is the Marine Corps’ Business Operations Support Services?

The Marine Corps Business Operations Support Services (MCBOSS) is a cloud-based DevSecOps pipeline fashioned after the Air Force’s Platform One and Kessel Run programs. The factory was essential to the winning team in the Marine Corps’ first Micro-Application Development Innovation Challenge in 2021.

The winners used the MCBOSS ecosystem to rapidly build a data comprehension and visualization tool called the Global Combat Support System Marine Corps Reconciliation Operations Organization Tool, which reduces the time and effort required by Marines to understand and report on readiness.

READ MORE: Air Force CIO Lauren Knausenberger leads a department eager to move into the future.

How Do DOD Software Factories Interact and Compare to One Another? 

The Pentagon’s software factory paradigm is still in its early phase. The Air Force is furthest ahead in the field, but sharing information and best practices across the DOD is central to the effort, service branch officials say.

“The Marines do not want to do anything all by themselves,” Renata Spinks, cyber technology officer to the U.S. Marine Corps Forces Cyberspace Command, “We are a team-of-teams institution. Every platform is different, and none of them are one-size-fits-all. If there’s a capability or a gap, the first thing we do is go see who else has this and what does ‘right’ look like.”

Collaboration is also central to Platform One. “Partner software factories actively work with P1 to manage their tailored DevSecOps platforms and provide improvements to the P1 software baseline,” says Viola.

“To foster teaming across the P1 ecosystem, Platform One interacts with all these software factories through the Department of the Air Force Chief Software Office, or in communities of interests or working groups like the Big Bang Technical Oversight Committee, the Software Coalition, or the DOD Container Governance Task Force.”

The same is true for the Army’s CReATE factory. “We are fortunate to have great working relationships with the other services and collaborate on many efforts, including sharing best practices, code and collaborating on joint efforts,” says Hunt.

Tech. Sgt. Zachary Kee/U.S. Air Force

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.