The Australian Department of Defence is planning to adopt Continuous Iterative Development (CID) approaches for certain Software-Intensive Systems (SIS) development. In the Defence sector, users of CID are increasing adopting the Development Security Operations (DevSecOps) approach. This is an organisational software engineering culture and practice that aims at unifying software development (Dev), security (Sec) and operations (Ops). This new paradigm seeks to employ multiple peer-level contractors to produce and maintain the evolving software solution.
This paradigm is intended to deliver security-tested, micro-service capability elements on very short timeframes (weeks to months). This, in turn, enables an Agile-like development process to meet rapidly changing client needs and reflect technological advancements.
In shifting from a dependence on any one prime contractor, a number of disaggregated software development organisations are contracted to deliver the micro services. Defence must introduce new software measurement approaches to:
- guide the contractor group on cross-supplier integration matters;
- support the monitoring of delivery progress against the technical specifications for the components; and
- ensure that the components to be delivered will integrate as expected and contribute to higher-level capability goals.
In this paper, presented at INCOSE 2021, Shoal’s Stephen Cook and Ashok Samalam, with Defence Science and Technology’s Mark Unewisse, explore designing a metrics framework and application in a major CID SIS.