A 5-Stage Process for Automated Testing and Delivery of Complex Software Systems.

Managing and maintaining deployments of complex software present engineers with a multitude of challenges: security vulnerabilities, outdated dependencies, and unpredictable and asynchronous vendor release cadences, to name a few. We describe here an approach to automating key activities in the software operations process, with focus on the setup and testing of updates to third-party code. A key benefit is that engineers can more quickly and confidently deploy the latest versions of software. This allows a team to more easily and safely stay up to date on software releases, both to support client needs and to stay current on security patches. We illustrate this approach with a software engineering process platform managed by our team of researchers in the Applied Systems Group of the SEI’s CERT Division. This platform is designed to be compliant with the requirements of the Cybersecurity Maturity Model Certification (CMMC) and NIST SP 800-171.