Skip to content

Realizing DevSecOps in a Systems Engineering World

Tangram Flex is excited to continue the multi-part series about bridging the treacherous gap in engineering.

In this edition John Weis, Director of Software Engineering at Tangram Flex, discusses the role of DevSecOps in today’s system engineering lifecycles. John brings engineering leadership experience from commercial and global software companies and provides expertise in engineering vision, approach, and delivery to our team.

Leveraging best-practices from industry in automated testing, continuous integration, and cybersecurity, the DevSecOps paradigm seeks to align the concerns of all aspects of the software development lifecycle. As it builds on Agile methodology that came before, the DevSecOps paradigm is beginning to deliver critical capability advantages to the warfighter, primarily in information systems. To date, these new techniques have not made significant in-roads to transforming how mission-critical systems are designed and delivered. Incremental delivery of new capability is not inherently at odds with the needs of mission-critical software, so what is lacking?

The gap between system specification and implementation is not new, but is growing faster than ever before as software becomes more complex. This has resulted in a more treacherous gap to overcome, requiring more flexibility than before to correct unidirectional handoff between Model-Based Systems Engineering (MBSE) and DevSecOps teams. Often system requirements must be read and “translated” into the corresponding software implementation. But after implementation, the fulfillment of those requirements is re-interpreted and again manually verified. Instead of two disparate disciplines that require mediation, systems developers need to be able to play as one from the same sheet of music. New tools and capabilities are needed to dynamically address the concerns of each discipline and allow for true interaction across the gap.

Components of Software for Composed Systems

Bret Victor, an expert in dynamic human-computer interfaces, described the kinds of problems endemic to the breakdown between a system’s representation and its behavior in an address at MIT Media Lab called Media for the Thinking the Unthinkable. Exploring the bounds of human faculty, Victor cited Richard Hamming, a mathematician whose work was profoundly important to the world of computer information theory and signal processing:

Just as there are odors that dogs can smell and we cannot, as well as sounds that dogs can hear and we cannot, so too there are wavelengths of light we cannot see and flavors we cannot taste.

Why then, given our brains wired the way they are, does the remark “Perhaps there are thoughts we cannot think,” surprise you?

Evolution, so far, may possibly have blocked us from being able to think in some directions; there could be unthinkable thoughts.

While Hamming highlights our limitations, Victor suggests the answer to this challenge is the creation of tools that allow higher forms of reasoning about — and manipulation of — complexity in the system. Instead of “dead” representations of circuits or formulas, Victor advocates for the creation of tools which allow the user to see the behavior of a system while interactively modifying its specification and representations.

Without similar tools for the systems engineering domain, software teams are only able to deliver functionality at the speed of manual translation from technical specification into computer implementation. In the place of models, which merely specify desired system behavior, disconnected from the code-bases which implement those received requirements, systems engineers need tools that provide living linkages between integrated components of functionality and allow reasoning on, and verification, of system implementation and the flow of information between its parts. With these links established, the friction in the system delivery, variation, and modification process is eliminated.

With dynamic understanding of the properties of each software component, a Component Software Integration Platform (CSIP) can allow for new breakthroughs of functionality to the warfighter, repurposing systems that have yet to be integrated, or even envisioned.

Utilizing a CSIP, systems engineers can verify delivered software artifacts, tracing the flow of thought from design, requirements, implementation, testing, and delivery. By leveraging the paradigms of interface specification and code-generation, software engineers can allow rapid verification of composed systems functionality through continuous integration and delivery. In doing so, the domains of MBSE and DevSecOps are brought into greater alignment, reducing the lead-time between threat identification, capability delivery, and warfighter engagement.

The challenges facing us today seem daunting, but we can continue to address lifecycle gaps and meet our needs where they arise by remaining adaptable and adopting the right tools for today’s unique and changing systems.

Tangram Flex simplifies software integration for mission-critical defense systems. Every system is unique, but the mission is clear: the people on the ground need dependable, adaptable equipment to get the job done. At Tangram Flex, we understand the challenges of security, speed, and safety. Our team combines engineering expertise with our Component Software Integration Platform (CSIP), Tangram Pro™, to arm engineers with customized toolkits for meeting mission needs.

Tangram Flex is headquartered in Dayton, Ohio. Our staff has experience from DoD, Fortune 500 companies, and innovative software startups. We are dedicated to walking alongside our customers to keep pace with changes in technology. Get in touch: