What's needed for the future of software factories

According to Air Force leadership, software factories have already saved 100 years of program time. The Air Force's Platform One generated a 106-times improvement from development to deployment and increased the number of code deployments 208-times over pre-factory efforts. DevOps-based software factories have dramatically reduced software release timelines from a standard three-to-eight months down to just one week.

Based on the DevSecOps approach, like the Air Force’s Kessel Run, BESPIN and Platform One, the defense community can collaborate broadly with developers, pilots, security professionals and other stakeholders. Information is presented so that all the stakeholders have visibility and can collaborate, comment, share and ensure progress. The approach has the potential to reduce tool sprawl, provide enterprise services for standard software assembly functions, improve time to value and enhance security measures. 

Software factories have become an essential tool for driving innovation across the defense community. But as software factories advance and become a standard for solving DOD challenges, the factories must streamline to truly become one comprehensive DevOps platform. This will support effective collaboration, enable efficient software development and reliably secure software development in the process.

Collaborative software development

As a result of pandemic-induced workplace changes, many federal agencies moved from monolithic to microservices-based architecture. In turn, they were able to move faster and work independently. As developers use more tools for their projects, a comprehensive DevOps platform that brings disparate tools together is crucial to support organization, new working styles and efficiency. 

The next iteration of software factories, based on a DevOps platform, enables entire teams to collaborate remotely or in-office with a single tool, manage the end-to-end development lifecycle, more quickly deliver value and increase visibility. 

For sensitive information that the DOD handles, a platform approach separates the general development environment from the restricted side, which disconnects from the internet and limits access. As such, those who require this access can receive it, and other developers still benefit from the open environment. 

Finally, collaboration driven by software factories can prevent agencies from duplicating major efforts. Agencies can check on government projects through the Iron Bank, a centralized repository of approved programs. To drive the future of software factories, this type of collaboration must continue and expand. 

Efficient software development

Often, organizations spend time and resources on platforms that do not meet their needs and require extensions that slow down action time. To keep software factories running effectively, agencies must use a single platform for software development that’s built on a unified data source. This approach will be central in the software factory of the future, as it provides a complete DevOps solution without requiring resources for building and maintaining a DIY toolchain and can streamline time-consuming and repetitive training efforts.      

The Air Force presents an excellent example of where this is already being well executed. Its DevOps-based platforms and software factories enable the service to gain access to all the functionality needed without dealing with a multiplicity of vendors. This prevents multiple tools from having to be evaluated by agencies to fit into their security posture. Data sources and applications continue to increase and will only become more extensive in the future. To optimize the possibilities in the software factory of the future, integration on a single platform will be essential. 

Secure software development

The federal government at large is taking a closer look at its software supply chain, an effort that's even more essential given the sensitive information the defense community handles. To ensure security in the software supply chain, people, processes and technologies must work together in unison. This includes code that has been examined by numerous security personnel, build processes that take place in the open and high-quality software that is tested and trusted.

Software factories and contractors that work with them will also need to put in place a comprehensive and continuously monitored software bill of materials (SBOM), allowing everyone touching the software to fully understand the dependencies and vulnerabilities of their ecosystems. 

A DevOps platform can address many important security considerations. With security scanners built into the development process, agencies can scan every line of code as it is committed, allowing developers to identify and remediate vulnerabilities before they are pushed live. Less time is needed to search for bugs, and there’s clear accountability for the introduction, remediation and dismissal of security vulnerabilities and policy violations within one platform. As software factories evolve, security expectations will only increase, making these processes essential.  

Putting mission-critical capabilities into the warfighter's hands is a crucial challenge the DOD is looking to solve, with software factories providing a solution that is already proving to be a success. With robust approaches to supporting collaboration, efficiency and comprehensive security, tomorrow's software factories will enable agencies to develop and deploy at speed, pushing the DOD into the future of innovation.

Bob Stevens is AVP Public Sector, GitLab.