Skip to main content
News
Close shot of Software Engineering Institute building sign
June 11, 2025

CMU Study Identifies Strengths and Challenges in Pentagon’s Software Modernization Efforts

By: Laura Snyder
Media Inquiries
Cassia Crogan
University Communications & Marketing

Carnegie Mellon University research could help shape U.S. Department of Defense (DOD) strategies for deploying secure digital capabilities on the battlefield as well as in critical areas like cybersecurity, disaster response and communications. 

A new CMU Software Engineering Institute (SEI) study shows how DOD programs are getting better and faster at delivering secure software and where challenges persist.

 
DOD's George Lamb and SEI's Eileen Wrubel and Brigid O'Hearn discuss key results of the report in this webinar. 

DOD released the study's results in a report that examines the state of DevSecOps, a modern approach that integrates software development (Dev), security (Sec), and operations (Ops) into a continuous cycle so updates are faster, safer and more reliable.  Already commonly used in industry, DevSecOps is gaining traction across federal agencies to shorten delivery cycles while maintaining high security standards. 

Objective insights for DOD leaders

Eileen Wrubel

Eileen Wrubel

The study found that pockets of the DOD have had significant success with DevSecOps practices, enhancing deployment speed, security and operational efficiency. To move forward, the DOD needs to implement those successes at scale. 

“It was important to identify opportunities to optimize investment, processes and policies that enable the DOD to scale up successful practices,” said Eileen Wrubel, technical director of software acquisition policy and practice at the SEI’s Software Solutions Division. “This will help ensure that software factories are sufficiently staffed and resourced to scale for innovation and consistently and effectively deliver mission value.”

George Lamb

George Lamb

Ensuring timely access to tools and technologies is essential to support effective mission execution.

“Maintaining the nation’s strategic advantage over fast-moving adversaries requires security, efficiency and speed. Insights and findings from this study will help us make targeted investments to ensure that,” said George Lamb, director of DoD Information Network Capabilities in the DoD’s Office of the Chief Information Officer.

CMU’s role in national software modernization

As a federally-funded research and development center, the SEI brings decades of expertise to one of the DOD’s most urgent missions: transforming its software acquisition and delivery to match the pace of modern threats.   

Last year, Lamb asked the SEI to assess how DevSecOps is used across the department and to provide insights for future planning. The SEI has long led efforts to measure and improve how software is developed and delivered, especially in high-stakes defense settings. Its researchers have helped define key metrics for evaluating software pipelines and organizations, as well as played a major role in shaping DOD policies on software acquisition and deployment

A grarphic outlining the diverse ecosystem of sofware factories

Read the SEI summary of the report

— Related Content —

Trojan horse on top of blocks of hexadecimal programming codes. Illustration of the concept of online hacking, computer spyware, malware and ransomware. stock photo

Meet the Trojan-Hunting SEI Researchers Improving Computer Vision

abstract blue and green image

SEI and DOD Center To Ensure Trustworthiness in AI Systems
code on a black computer screen

SEI and OpenAI Recommend Ways To Evaluate Large Language Models for Cybersecurity Applications