Software Engineering Institute

There is a tension between the need to release capabilities rapidly and the length of time needed to acquire capabilities, which includes the time needed to complete accreditation processes. To accomplish both requires an increased attention to operational requirements, effective use of architecture, ability to release smaller software components, and a major shift from monolithic, after-the-fact information assurance to mission assurance.

This presentation describes an approach and provides examples showing how software security assurance can be achieved while keeping the desired pace of releasing new capabilities.  It concludes with a challenge to the audience to adopt and adapt the approach so mission assured software capabilities are released at the pace needed by the warfighter rather than a pace dictated by accreditation processes.