The Navy is working to adopt new secure coding tools and practices following the lead of other services in using DevSecOps.
To focus its efforts on DevSecOps — an agile coding methodology that aims to bake security into software early on in development — the Navy launched a new platform called Black Pearl and recently established a task force for DevSecOps implementation.
After reorganizing its top-ranking cybersecurity and IT officials, the Navy is now trying to inject security into the base level of its digital operations with DevSecOps. The Navy has struggled with cybersecurity, both in its own ranks and with its contractors, and DevSecOps is one route it has taken to try to address its persistent challenges.
Black Pearl hosts a group of products and software practices to give Navy coders both the ability and the resources to make secure products, according to its website. The program is similar to the Air Force’s Platform One and even uses some of its products.
Similarly, the implementation task force was stood up to ensure that as the Navy adopts new software practices, it is not being redundant or inefficient in adopting what other services have already accomplished, according to its establishing memorandum.
Black Pearl had a “soft launch” in the fall but was not widely publicized. One of its founders, Ken Kato, spoke about the program in a closed webinar that was later published online on Jan. 25. Kato, a presidential innovation fellow, was also instrumental in launching the Air Force’s coding factory Kessel Run.
The idea behind the secure platform is to house software development products and repositories for open-source code development and to train the digital workforce in DevSecOps. By putting all code through a common security process, the software achieves a continuous Authority To Operate (ATO) and doesn’t need to conduct timely compliance checks on each application individually.
Some of Black Pearl’s offerings Kato noted in the webinar are “Party Barge,” a shared development environment; “Lighthouse,” a platform-as-a-service baseline; and the “Software Practice,” which is the training hub for coders to become familiar with the new security coding methods.
“We are here to help educate your team so your team can grow,” Kato said during the webinar with other Navy members.
Black Pearl partners with Platform One on products like Iron Bank, a repository of software container images, and Repo One, a place for source code.
Nicolas Chaillan, the Air Force’s chief software officer and leader of Platform One, commended the Navy’s new platform during the webinar.
The DevSecOps task force is being led by the Navy CTO Jane Rathbun as a means to create an overarching framework for how the Navy will approach the practice and where it will be implemented. While the memo doesn’t mention Black Pearl directly, the platform will likely play a large part in achieving the task force’s goals.