U.S. Air Force working on technology

Secure Software: More Than a Link in the Chain

From critical infrastructure to everyday applications, federal agencies rely on software and the code that powers it more than ever before. But this reliance introduces risk. The software supply chain – the process of building, distributing, and deploying software – is increasingly targeted by malicious actors. A compromise anywhere in this chain can have devastating consequences.

That’s why the U.S. Department of Defense recently introduced the Software Fast Track (SWFT) Initiative, which is intended to reform the way the DoD acquires, tests, and authorizes secure software. Its ultimate goal is to improve the nation’s ability to securely and quickly bring high-quality software to warfighters. This welcome and, some say, overdue effort reflects the way in which software acquisition can be slow, be misaligned with today’s mission needs, and offer little to no supply chain visibility.

In the current geopolitical climate and with the renewed attention on efficiency in government, the SWFT Initiative is well-aligned with GDIT’s own aspirations to deliver the art of the possible in support of government missions.

DevSHIELD is GDIT’s comprehensive solution for efficiently and effectively building secure software from the ground up. It’s a suite of vetted commercial tools and processes integrated into our software factory, providing layered security controls throughout the software development lifecycle. In line with SWFT, it helps agencies access the solutions they need when they need them.

DevSHIELD provides a robust, repeatable, and verifiable approach to software supply chain security. It facilitates faster authorities to operate (ATOs) by automating the detailed documentation that ATOs require.

More than a process alone, DevSHIELD is powered by years of research and development investments and a comprehensive technology portfolio. As an example, it is integrated with an AI-assisted ATO compliance engine and a malicious code analysis tool to perform automated vulnerability assessment and remediation.

We also leverage our Coral Software Factory to provide a secure, repeatable development environment that integrates seamlessly with DevSHIELD. We draw on our enterprise-wide expertise in cloud security, DevSecOps automation, and threat intelligence to give customers a holistic security solution. Together with a set of robust data analytics capabilities, the solution offers customers actionable insights into the security posture of their software supply chain.

The DevSHIELD solution has been instrumental in strengthening the software supply chains of key government organizations, enabling faster, more secure delivery of critical capabilities. For a U.S. Air Force program, DevSHIELD-aligned practices accelerated ATOs by integrating security into the deployment process. By consistently achieving 85% code coverage and executing more than 1,300 automated security scans monthly, we were able to proactively identify and mitigate vulnerabilities throughout the software development lifecycle, significantly reducing our customer’s risk exposure while accelerating secure software delivery.

As another example, our U.S. Navy software factory supports a thriving community of 2,500 developers across 30 projects, enabling rapid and secure software delivery. With more than 3,900 automated security tests performed daily, we provide continuous vulnerability detection and remediation. For organizations like NIH, we have dramatically reduced the burden of security accreditation by 90%, freeing up valuable resources and accelerating the delivery of critical features.

In today’s threat landscape, a proactive and comprehensive approach to software supply chain security is no longer optional – it’s essential. DevSHIELD provides a proven framework for securing critical software assets, reducing risk, and accelerating delivery. Agencies face growing and evolving challenges related to meeting increasingly stringent security requirements and need trusted partners with a deep understanding of the federal government’s security requirements. GDIT is committed to being that partner and working with customers and mission partners to build a more secure and resilient future.

Learn more about DevSHIELD or about how GDIT collaborates with customers to deliver secure software from the ground up.