Vulcan program

New DevSecOps Program in Development at Defense Information Systems Agency

The Hosting and Compute Center at the Defense Information Systems Agency is working on Vulcan, a continuous integration and continuous delivery program aimed at propagating DevSecOps software development principles and tools. Alex McFarland, Vulcan’s technical lead, said at the Trellix Cybersecurity Summit on Oct. 19 that he aims for the program to serve as both a toolset for the implementation of modern processes and a catalyst for broad cultural change in work management, DefenseScoop reported Friday.

Vulcan is intended to instill in developers the notion of continuous updates to software instead of recertifying after the expiration of authority to operate, an approval certification for information technology systems used to weigh security risks. McFarland emphasized that “trickling changes” shrinks feedback loops and allows for more frequent testing, leading to increased safety.

DISA is a significant driver of the movement toward continuous security within the Department of Defense. At an industry conference in March, senior officials said DevSecOps will be critical to DOD’s Joint All-Domain Command and Control project.

According to Lt. Gen. Robert Skinner, director of DISA and a 2022 Wash100 winner, his agency’s contribution to JADC2 involves a DevSecOps environment that synergizes legacy and modern technologies. Danielle Metz, the agency’s deputy CIO for information enterprise, shared that the concept is integral to DOD’s plan for software modernization.