The Department of Defense (DoD) has made progress in improving software and cybersecurity associated with its weapons systems, but the programs still struggle to implement and execute modern software development practices, according to a recent Government Accountability Office (GAO) report.
In GAO’s Weapon Systems Annual Assessment, software development factors – such as cybersecurity – were identified as “risks to efforts to develop and field capabilities to the warfighter.” These findings were also consistent from last year’s annual weapons assessment.
“DOD made efforts to improve in these areas, such as working to update its software and cybersecurity instructions and provide guidance on Agile software development practices,” the report says. “However, we found that the majority of programs we surveyed continue to face challenges in executing modern software development practices and many programs we surveyed are challenged in implementing iterative and early cybersecurity assessments.”
GAO reported that major defense acquisition programs (MDAPs) and middle-tier acquisition (MTA) programs are “using Agile software development approaches, but programs were inconsistent in Agile implementation and in adopting other recommended practices.”
Additionally, only six of the 36 programs that reported using Agile (23 MDAPs and 13 MTA programs) told GAO they were delivering software to users in less than three months.
GAO recommended that the undersecretary of defense for acquisition and sustainment “should ensure that the internal and external reporting capabilities developed using multiple efforts or pathways provides information on each individual effort as well as the overall planned cost and schedule required to deliver the eventual capability.” DoD agreed with this recommendation.