DOD IT Programs Operating at Lower Cost Estimates, Reports GAO

the 15 programs reported using commercial off-the-shelf software, which reduces development time and costs, the report said. Fourteen programs use an “iterative software development approach” that “may help reduce cost growth and deliver better results to the customer. However, programs also reported using an older approach to software development, known as waterfall, which could introduce risk for program cost growth because of its linear and sequential phases of development that may be implemented over a longer period of time.” All 15 surveyed programs are “developing cybersecurity strategies, which are intended to help ensure that programs are planning for and documenting cybersecurity risk management efforts,” GAO said. But “only eight” reported “conducting cybersecurity vulnerability assessments.” DOD reported it “continues to evolve its acquisition processes to reduce software development time, allow for faster delivery of capabilities, and lower life-cycle costs,” GAO said. The department said "the report highlighted opportunities for continued improvement in its efforts to acquire IT capabilities,” and it believes “implementation and wider adoption of the software acquisition pathway will assist in reducing risks and challenges, as will continued implementation of the DOD Cyber Strategy, which includes a line of effort aimed at improving the DOD cyber workforce by investing in future talent, identifying and recruiting sought-after talent, and retaining the current cyber workforce.”