Bryon Kroger, founder and CEO of Rise8, said implementing the continuous authority to operate process could enable military and government agencies to expedite software development and delivery within days or hours to support critical missions, Air and Space Forces Magazine reported Aug. 12.
Under the cATO process, developers replace traditional point-in-time stability and security reviews with continuous monitoring and risk assessment, and rely on automated tests so that applications can be updated rapidly for missions without introducing security risk.
According to Kroger, cATO is about “decreasing risk—and making the mission more effective.”
With cATO, developers should work closely with users and integrate the National Institute of Standards and Technology’s Risk Management Framework into development and testing processes to iterate software in one-week sprints.
“As you incentivize smaller changes, then people start releasing much more quickly,” said Kroger, one of the co-founders of the U.S. Air Force’s Kessel Run software factory.
The Rise8 chief executive also cited the importance of building cross-functional DevOps teams that bring security and compliance staff together with the testers.
Kroger said such structural changes result in a “virtuous cycle, whereby when you need software updates — like let’s say you discover a security vulnerability — I can get a fix out in minutes.”