“DevSecOps and Software Factories”
Developing software for large-scale cyber-physical systems is a complicated endeavor, especially when those systems include real-time safety and security considerations. In the past, we tackled this complexity with rigid “waterfall” development processes that led to lengthy development cycles prone to late (and expensive) failure. The software industry as a whole, including the DoD and Aerospace sectors, has recognized that speed and cycle time, along with “fail quick” thinking, are key to getting software into the hands of customers or warfighters quickly. In this presentation, we will talk about the transition of large-scale software development efforts for DoD systems to agile DevOps (a contraction of “development” and “operations”) processes, and how we extend that thinking to incorporate certified cyber security defenses into that software for DevSecOps. We will further discuss the concept of Software Factories, which builds on DevSecOps principles for increased efficiencies.