DoD Enterprise DevSecOps Reference Design from the DoD CIO – A Summary Content referenced from: https://dodcio.defense.gov/Portals/0/Documents/DoD%20Enterprise%20DevSecOps%20Reference %20Design%20v1.0_Public%20Release 0_Public%20Release.pdf?ver=2019-09-26-115824-583 DevSecOps – Defined by DoD CIO DevSecOps is an organizational software engineering culture and practice that aims at unifying software development (Dev) sidecar container CSIAC Webinars - DoD Enterprise DevSecOps Initiative – Nicolas Chaillan presenting https://www.csiac.org/podcast/dod-enterprise-devsecops-initiative/ DoD Centralized Container Source Code

Public Release; Distribution Unlimited. 14-0391ii Executive Summary The Department of Defense (DoD) needs an acquisition framework for information technology (IT) that can keep pace with rapidly changing can help the DoD to transform IT acquisition by delivering capabilities faster and responding more effectively to changes in operations, technology, and budgets. This guide provides DoD acquisition professionals seen growing adoption across the DoD and other federal agencies. Agile practices enable the DoD to achieve reforms directed by Congress and DoD Acquisition Executives. DoD Instruction 5000.02 (Dec 2013)

programming • Modules • 2000s • Template metaprogramming • Concurrency • 2020s • ??? 3What is DoD about? • DoD (“Data oriented design”) • Not about cache lines, nor struct layout (at its core) • From wikipedia: 4Minimalist definition of DoD 𝐷𝑎𝑡𝑎!"#$"# = 𝐹(𝐷𝑎𝑡𝑎%&$"#) Transformation Input Data Output Data Specific transformation Previous transformation Next transformation 5How DoD is used in actual ChatGPT… 7 That’s cool, but it won’t get us very far…How can we improve it? (second try) • At its core DoD is just: 𝐷𝑎𝑡𝑎!"#$"# = 𝐹(𝐷𝑎𝑡𝑎%&$"#) • … With a heavy focus on the data. • What if we looked

organization like the Department of Defense (DoD). With the world’s most powerful weapons arsenal in its control, there is no room for error with security. The DoD has been transforming itself in recent years they leveraged the platform approach to systems building. Security is baked into the platform at DoD so that developers only need to apply tags to certain resources to have capabilities, like authentication terms of security.” — Nicolas Chaillan, former Chief Software Officer of the U.S. Air Force The DoD leverages Istio as its service mesh, and one aspect of Istio is its reliance on sidecars for secure

Cost Estimation  Cost estimation in an Agile environment is challenging  The challenge within DoD is often a resistance to allocate budget for a program until all the requirements are fully defined

Malware Research # @ Endgame 0x40200B Malware Research # @ Fireeye 0x40201A Computer Forensics # @ DoD PREVIOUS 0x40D021 Blackhat, RSA, DEFCON, 0x40D02B 44Con, CanSecWest 0x40D02E BsidesSF, WiCys 0x40D032

enforcing federal security standards. Hardening the product is based on the US Department of Defense (DoD) guidelines Security Template Implementation Guides (STIG). Hardening removes unnecessary packages

enforcing federal security standards. Hardening the product is based on the US Department of Defense (DoD) guidelines Security Template Implementation Guides (STIG). Hardening removes unnecessary packages

enforcing federal security standards. Hardening the product is based on the US Department of Defense (DoD) guidelines Security Template Implementation Guides (STIG). Hardening removes unnecessary packages

enforcing federal security standards. Hardening the product is based on the US Department of Defense (DoD) guidelines Security Template Implementation Guides (STIG). Hardening removes unnecessary packages