“Code low, deploy high.”
That describes the ways Raytheon Technologies engineers are using DevSecOps processes and tools on programs from a new, strategic partnership with open-source software giant Red Hat.
DevSecOps, short for development, security and operations, integrates security into the rapid software development processes of DevOps. Raytheon Technologies and Red Hat are developing a new cross-domain DevSecOps product that allows for development at an unclassified level (coding low), and speeds up the time to deployment in a classified environment (deploying high).
“We’ve always maintained the highest levels of cybersecurity in our technologies and programs,” said Jon Check, Raytheon Technologies Cyber Protection Solutions senior director. “But with Red Hat’s platform, we’re taking it to a new level. DevSecOps will be baked in from start to finish, because OpenShift automates many of the security tests from end to end.”
Unlike traditional development approaches that were point-in-time and potentially disruptive, DevSecOps is seamless and continuous, according to Check.
“A DevSecOps framework uses automated tools and ensures security is built into applications, rather than being bolted on afterwards,” Check said. “It ensures security is paramount during every stage of the software delivery life cycle. We experience continuous integration, where the cost of compliance is reduced and software is delivered and released faster.”
The partnership is relying on Red Hat’s OpenShift platform, which is based on the company's Enterprise Linux operating system. It will help Raytheon Technologies developers detect, compare, correlate and respond to security vulnerabilities through the entire DevSecOps workflow.
“OpenShift is a solution recognized by our customers that works across all cloud services, like Amazon, Microsoft, Google, or on-premises data services,” Check said. “Our developers don’t have to worry about what environment they’re coding for, and it’s a repeatable process. They will no longer have to learn new tools or new processes every time they’re assigned a new project…and then try to make the magic happen.”
Check believes this represents the future of secure software development.
“We’re going to be able to train our staff to where the market is going,” he said.
Red Hat is already working on a number of programs with Raytheon Technologies.
“Our relationship in the last year has grown at 100 percent,” said Paul Smith, Red Hat senior vice president and general manager, Public Sector. “It’s a very significant partnership, and we see it growing ... Raytheon [Technologies] has the mission knowledge.”
Choosing the right container platform is critical to the future of companies conducting software development, according to Smith. He compared choosing a container platform to the “operating system wars” between Microsoft and Linux.
“The container is today’s modern-day warfare,” Smith said. “You don’t want to be locked into platform that creates silos. You don’t want your developers having to be mindful and thinking, 'What I am writing this for – Amazon, Microsoft, Google?’”
With OpenShift, Raytheon Technologies’ software developers can do what they were trained to do, Check said.
“They don’t have to worry about the underlying architecture,” Check said. “With minimal training, a developer can begin to code immediately.”
For one program, about 100 Raytheon Technologies software engineers went to Red Hat’s Open Innovation Labs to get trained quickly on tools and processes on their program. More and more developers will train to use Red Hat, according to Check.
“A core aspect of this collaboration is letting Raytheon [Technologies] and Red Hat do what they do best,” he said. “And co-create on new programs, and grow both of our businesses.”