First State of DoD DevSecOps Study Finds Excellence and Opportunities

The Department of Defense (DoD) started incorporating DevSecOps into its software development and acquisition practices in the last decade. To baseline the DoD’s progress and facilitate planning for future DevSecOps adoption, the SEI studied the state of DevSecOps within the DoD in 2024. The DoD Chief Information Officer (CIO) released the results of the study in early 2025.

Security, efficiency, and speed are critical in the DoD’s high-stakes environment and against fast-moving adversaries. DevSecOps principles and practices speed delivery of secure software capabilities by operations and security staff.

The report The State of DevSecOps within the Department of Defense says that pockets of the DoD have had significant success with DevSecOps practices and that the DoD needs to implement those successes at scale. Major findings include the following:

• DevSecOps achieves success amid rapid change.
• Software factories are our digital arsenal and the catalyst to enabling software modernization.
• DevSecOps enables continuous Authority to Operate.
• Policy and guidance based on successful grass-roots efforts have enabled change.
• Success rests on forging a mission-ready DevSecOps workforce and strong leadership committed to driving to creative solutions.
• The path forward relies on data and effective measurement.

Photo: U.S. DoD, U.S. Navy Petty Officer 2nd Class Alexander Kubitza