Chief Software Officer
Air Force’s Chief Software Officer Details Pentagon Enterprise DevSecOps Efforts
Air Force Chief Software Officer Nicolas Chaillan recently discussed with Nextgov his efforts to advance the Department of Defense’s Enterprise DevSecOps initiative, a responsibility which he has borne since August 2018 as part of the Office of the Secretary of Defense for Acquisition and Sustainment.
According to Chaillan, the Air Force, with Defense Chief Information Officer Dana Deasy’s blessing, has been hosting a cloud-agnostic software environment called Platform One that features tools and a centralized team dedicated to integrating built-in security and continuous upgrades into software. Chaillan added that Platform One allows the Air Force to immediately set up a readily accessible DevSecOps environment in various cloud computing services like Amazon and Azure with a single push of a button, Nextgov reported.
Civilian federal agencies, private companies and other DOD entities have been benefiting from the Air Force’s Platform One initiative, Chaillan said.
However, to gain access into Platform One, entities must be completely transparent about their pursuits. Entities wishing to bring software into the platform must provide a software bill of materials and pass a testing gate.
The Air Force has also been leveraging an open-source system called Kubernetes to transform DevSecOps initiatives in such a way that would enable the rapid deployment of code and security updates. Through Kubernetes, codes are easily transported in containers along with settings and tools that could be readily used on multiple operating systems,
Chaillan said Kubernetes eliminates environment restrictions, allowing for the transport of certain pieces of software from a jet to areas like the cloud, a classified cloud and even in disconnected on-premises environments at the edge. The said flexibility also makes it possible to reuse sensors, for example, across different service branches without the need to rebuild software, Chaillan added.
Moving forward, the National Institute of Standards and Technology aims to publish a draft special of a DevSecOps framework within the next 12 months. While being non-mandatory, the envisioned framework is hoped to broaden DevSecOps awareness and adoption for federal agencies and their contractors.
Category: Popular Voices
Tags: cloud cloud-agnostic software factory cybersecurity Dana Deasy Department of Defense DevSecOps Ellen Lord Kubernetes Nextgov Nicolas Chaillan Platform One Popular Voices Ron Ross U.S. Air Force