Acquisition Archetypes Seen in the Wild, DevSecOps Edition: Clinging to the Old Ways
The SEI conducts independent technical assessments (ITAs) periodically for any programs that request them, looking at both technical and programmatic aspects. Such requests often come from either programs that are experiencing challenges with delivering their systems or from external stakeholders to check on the progress that is being made. In the course of performing such an assessment, the ITA team may interview as many as 50 to 100 people from the program mangement office (PMO) staff, contractor staff, users, and other external stakeholder organizations, all under assurance of anonymity. Interviewees generally give very open and candid responses, giving the team insight into what is actually happening on a program and the ability to gain a deep understanding of the pressures and incentives under which people are operating. One notable aspect of such assessments is that similar problems arise across separate and dissimilar programs. The key questions that arise when conducting assessments of many different programs are “Why do some of these adverse behaviors keep happening across entirely different programs?” and “Is there a way to stop them?” In this blog post, I discuss the recurring problem in software acquisition and development of what I call clinging to the old ways. I describe the behavior in the context of a real-world scenario and provide recommendations on recovering from and preventing future occurrences of this problem. Future posts in this series will explore other recurring problems.