Continuous deployment of capability describes a set of principles and practices that provide faster delivery of secure software capabilities by improving the collaboration and communication between software development teams, IT operations, and security staff within an organization, as well as with acquirers, suppliers, and other stakeholders in the life of a software system.

To keep pace with potential adversaries, the Department of Defense (DoD) and government software development efforts need to deliver cutting-edge software capabilities quickly. However, as of 2012, the average development time from concept to deployment for major DoD IT systems was seven years, and in February 2017, the Government Accounting Office reported that the DoD “pays more than anticipated, can buy less than expected, and, in some cases, delivers less capability to the warfighter.” The budgeting process alone can take as long as two years.

With the increasing importance for developing and deploying new technologies, it is critical for the DoD to find ways of accelerating the speed at which it moves from concept to capability.  This capability has proven successful in industry for doing just that, with many companies increasing not only the velocity at which they deliver secure software to users, but their incident response capabilities as well. It can increase system quality, reduce costs and capability time-to-value, and minimize cognitive differences among all key system stakeholders.

As a result, the DoD and other government agencies are invested in finding how to effectively apply these techniques to their projects. The SEI supports this work by researching how to apply continuos deployment of capability in the DoD and government settings to deploy new technologies more quickly and ensure that those technologies are secure.

Better Software Faster

Since the SEI began its research on streamlining development, security, and operations (DevSecOps) in 2012, we have become a recognized leader in the practice. The SEI integrates research on AI, software, and cybersecurity into its work in continuous deployment of capability to provide solutions for DoD capabilities, acquisition, integration, and delivery of software.

In 2015, the SEI became the first federally funded research and development center (FFRDC) to work on implementing these practices at the DoD. Currently, the SEI is engaged in several projects that involve the application of continuous deployment to complex, mission-critical systems development, as well as for reducing software cycle times and cost, and improving the sustainability of DoD platforms.

In the same year we began working with the DoD, we leveraged our expertise to launch the first course in the world on the topic of DevSecOps in the graduate program of Carnegie Mellon University’s (CMU) world renown School of Computer Science. The course was co-designed and co-taught by Hasan Yasar.

Since 2015, demand for our DevSecOps course has grown, and it is now offered every semester of the academic year at CMU. Today, we also offer the course internationally and have consulted with top-tier universities across the world to help them build their own DevSecOps curricula, including universities in Germany, Spain, Portugal, Rwanda, Turkey, India, and more.

Your organization can benefit from the SEI’s expertise. We offer training, mentoring, and engineering support for organizations that are new to continuous deployment of capability or that are looking to optimize their techniques. Our experts can help you apply these practices to your organization’s development, testing, and operational processes and create synchronous environments that enable you to deploy new capabilities and update current features securely.

We can also help you leverage DevSecOps to better meet the requirements set forth in various standards (e.g., IEEE P2675 DevOps and NIST 800-160), frameworks (e.g., DOD Architecture Framework), regulations (e.g., DoDD 5000.01 and DFARS), and strategic plans (e.g., the DISA Strategic Plan).