Rob Vietmeyer: Pentagon Eyes DevSecOps Guidance Updates

The Department of Defense’s chief software officer for the deputy chief information officer for information enterprisee said the agency is planning to update its DevSecOps guidance in light of emerging threats.

During an AFCEA TechNet Indo-Pacific panel discussion, Rob Vietmeyer, a past Potomac Officers Club speaker, shared that updates are being considered because of pipeline poisoning, typosquatting, backdoor infiltration and other threats to the agency’s DevSecOps pipeline. He added that the current guidance does not account for standard risk management framework weaknesses, particularly those around identity management, access controls, open-source tactics and emerging technologies and techniques.

The Pentagon’s guidance, created in 2022, identified best practices and requirements that should be included in the agency’s DevSecOps pipeline, SIGNAL Magazine reported Wednesday.

Private sector officials have also shared their thoughts on DevSecOps enhancements.

During the same AFCEA event, Aaron Weis, managing director of Google’s public sector, and Youssef Takhssaiti, director of Aqua Security, asserted that risk management frameworks are not enough to intercept malicious codes injected into DevSecOps pipelines, especially considering rapid technological advancements

In a June interview with Federal News Network, Bob Ritchie, the chief technology officer of Science Applications International Corp., said DevSecOps should be paired with multi-cloud services to introduce automation and artificial intelligence in decision-making capabilities and improve mission delivery.