Modernizing defense software factories

The Department of Defense (DoD) software modernization strategy is a department-wide plan to reduce software delivery time from years to just minutes through comprehensive changes to processes, policies, workforce, and technology. It was approved on March 30, 2023, by DoD Chief Information Officer (CIO), John Sherman.

As outlined in the DoD Software Modernization Implementation Plan Summary, this strategy encompasses 3 main goals:

1. Accelerate the DoD enterprise cloud environment.
2. Establish a department-wide software factory ecosystem.
3. Transform processes to boost resilience and speed.

In order to achieve these goals, it is necessary to expand the use of software factories, and to ensure that they are able to provide the solutions required for mission needs.

Modernizing software factories is about helping developers spend more time on development by incorporating functional capabilities, tools, processes, and automation to reduce complexity. It’s also about using updated policies and best practices to bring cohesion through governance within multiple domains, such as application development, operations, and security. When coupled with powerful metrics and insights, teams are capable of delivering software artifacts faster, in phases, and with minimal human intervention. 

By using integrated operations that incorporate shared software and development objects and platforms, teams can consolidate the effort required to create software, resulting in more efficient development.

DevSecOps tooling is also necessary for modernizing software factories. For DoD use cases especially, it’s necessary to continuously integrate security into the continuous integration and continuous development (CI/CD) workflow. This must be a shared responsibility, incorporated into the entire lifecycle of the software and across all components of the software factory.

Modern software factories also employ GitOps practices in order to maximize observability, automation, and ensure continuous integration and continuous delivery (CI/CD). Using GitOps principles can ensure any software changes can be monitored and rolled back as required, improving security, reliability, and consistency across the software factory.

For DoD software factories, robust testing standards are a necessary step to increase confidence across Authority to Operate (ATO) boundaries and establish the standard body of evidence for Authorizing Officials to quickly approve software usage. 

It is important to establish security policies and boundaries to secure software factories and ensure that the ATO is not compromised. This guarantees that in case the application deviates from the set policy, it will revert to a previously known secure state.

Modern software factories also require a platform that can help to simplify adoption of software delivery practices, allowing teams to focus on innovation. 

Above all, a trained workforce with access to relevant content and communities of expertise is required to transform policies and processes and help the DoD to realize the full potential of software factory modernization. Cultivating cutting edge digital talent among members of the workforce while creating a culture of continuous development is necessary if the DoD is to keep pace with changing conditions and ensure desired mission outcomes.

Red Hat has considerable experience in software modernization. In the realm of DoD software factories, Red Hat® OpenShift® is already being used as a certified distribution for the Air Force software factory Platform One.

Red Hat’s experience documenting existing environments and available tools used to build, test, release, and deliver software is highly relevant for the task of modernizing and expanding the DoD software factory ecosystem.

Red Hat provides a wide spectrum of zero trust and software bill of materials (SBOM) capabilities via Red Hat Trusted Software Supply Chain, bringing trusted cloud services and prescriptive workflows together to help our customers build compliant, high-quality, highly observable software with automated security guardrails.

Red Hat also helps customers to review security postures, ensuring compliance with industry standards and governance of policies to guide cloud operations.

Using Red Hat® tools and solutions, customers can build and optimize DoD software factories using customer tools on a consistent development platform, scaling software solutions as needed across multiple teams and functions.

Red Hat takes a layered approach to cyber defense that incorporates zero trust architecture (ZTA) principles, helping customers implement security across the entire infrastructure, application stack, and life cycle. This defense-in-depth strategy frees customers from relying on a single security layer. Instead, security is integrated across people, processes, and technologies.

By working with Red Hat, customers, mission partners, and communities-of-interest also have access to an expansive ecosystem of partners to help them solve complex challenges, grow commercial relationships, and accelerate the interoperability of software deployments.

Red Hat is a global leader in technology and software modernization, with a proven product portfolio of open hybrid solutions that help customers build, deploy, and manage applications while simplifying, automating, and securing processes. Red Hat solutions are commercially available across hybrid environments from on-premise, to multicloud, to edge deployments.