DevSecOps

TECHNICAL DEFINITION

DevSecOps is a software engineering methodology emphasizing the pervasive integration of security controls, automation, and best practices throughout the entire software development lifecycle (SDLC), from initial design through development, testing, deployment, and operational maintenance. This paradigm, crucial in military and defense, leverages continuous integration/continuous delivery (CI/CD) pipelines to enhance system resilience, accelerate compliance (e.g., RMF, NIST), and streamline Authority to Operate (ATO) processes for mission-critical applications and emerging technologies.

BACKGROUND

Project Maven is a United States Department of Defense initiative launched in 2017 to accelerate the adoption of machine learning and data integration across U.S. military intelligence workflows, specifically in intelligence, surveillance, target acquisition, and reconnaissance as well as in geospatial intelligence. It initially focused on applying computer vision for processing images and videos for intelligence purposes. Currently, the program operates under the National Geospatial-Intelligence Agency (NGA) and encompasses multiple applications across the Department of Defense spanning military operation targeting support, data integration and visualization for analysts, and training machine learning models on labeled datasets of military assets and infrastructure. It integrates data from drones, satellites, and other sensors to flag potential targets, present findings to human analysts, and relay their decisions to operational systems.

SYNONYMS & ALIASES

• Secure DevOps
• SecDevOps
• Rugged DevOps
• Shift-Left Security
• Continuous Security

USAGE NOTE

In military and defense, DevSecOps is essential for rapidly fielding secure, compliant software for mission systems, often accelerating the Authority to Operate (ATO) process for critical capabilities and emerging technologies.

DEVELOPERS

Organizations developing technology related to DevSecOps.

• Booz Allen Hamilton

  A leading management and technology consulting firm that applies DevSecOps principles to modernize IT infrastructure and develop secure software for various U.S. government and defense agencies.

• Lockheed Martin

  A global aerospace, defense, security, and advanced technologies company that integrates DevSecOps practices into its software development lifecycle for advanced defense systems, ensuring secure and agile delivery of critical capabilities.

• Northrop Grumman

  A multinational aerospace and defense technology company that utilizes DevSecOps methodologies to enhance the security, speed, and quality of software development across its defense and aerospace programs.

• General Dynamics Information Technology (GDIT)

  A major provider of IT services and solutions to federal, state, and local governments, including defense, that provides extensive DevSecOps implementation and consulting services to clients, helping them achieve secure, continuous software delivery.

• Leidos

  A FORTUNE 500 science and technology leader that delivers DevSecOps solutions and expertise to federal agencies, including the Department of Defense, to automate security and accelerate software deployments.

• Palantir Technologies

  Develops secure, data-driven software platforms used by defense and intelligence organizations, with an inherent focus on secure development and deployment practices that align with DevSecOps principles.

• Department of Defense (DoD) Platform One

  A U.S. Air Force-led initiative providing a secure, hardened, enterprise-grade DevSecOps platform and ecosystem for government software development teams across the Department of Defense.

• MITRE Corporation

  A non-profit organization that manages federally funded research and development centers, advising and conducting research for various government agencies, including defense, on best practices for cybersecurity, secure software engineering, and DevSecOps adoption.