By Jackson Barnett, article published by FEDSCOOP Jan 17, 2021
The Air Force wants to open its DevSecOps platform, known as Platform One, to private sector partnership with the hope of tapping into a consortium of academic and industry organizations to enhance its coding environment.
In a draft request for information, the Air Force’s AFWERX office pitched creating a software development Cooperative Research and Development Agreement (CRADA) — a research partnership between the government and non-government entities that allows for the private sector to commercialize government-created technology — to bolster the Department of Defense’s DevSecOps work. CRADAs, not as widely used as they once were, provide for the transfer of technology breakthroughs from the government to private sector use.
Platform One leaders said Tuesday the Air Force hopes to bring more users and technology into the departmentwide DevSecOps environment.
“One of the big requests that we have been getting over the past months really is about enabling access to Platform One,” Nicolas Chaillan, the Air Force’s chief software officer, said during a virtual “Ask Me Anything” event announcing the idea.
Chaillan and others said they hope an eventual non-government partner would create a consortium to work with as many companies, nonprofits and academic partners as possible under the CRADA.
The Platform One team plans to review feedback from the RFI for several months before deciding on an entity to partner with and how it will structure the agreement to work with as many users as possible.
What do non-government entities stand to gain from such an agreement? They would have direct access to Air Force subject matter experts, the ability to “resell” Platform One products, and an influence on the future of the platform, according to the RFI and AMA event. Collaborators will be able to “enhance their own research and development activities and ensure they are able to leverage breakthroughs coming from Platform One’s portfolio,” the RFI states.
Partners would also gain access to Platform One’s continuous Authority To Operate, meaning new code written on the platform would be approved for use on other military networks with the same security requirements. That is the essence of DevSecOps, where software is built with security baked-in continuously from the start.
“We want to collaborate with industry, academia, for-profits, non-profits to continue growing this base infrastructure that we have,” Joey Arora, chief scaling officer at Platform One, said during the AMA. “So we want help growing the DevSecOps initiative.”
Any profits generated by firms reselling technology developed under the research agreement would need to be reinvested back into it the platform.
“It has to be a win-win situation where you are going to resell … but you need to give a portion of that back to the government,” Chaillan said.
Platform One has several components to it, from its open-source repository called “Repo One” to a cloud-native access point, or “CNAP.” The RFI looks for collaborators who can bring the best new technology to each of the pieces of the platform.