There is a need for faster updates to hardware and software. Software development, Security, and Operations (DevSecOps) is an approach being promoted as being able to deliver capabilities more secure, faster, and more reliably than traditional approaches. The benefits are touted as reduced mean-time to production; increased deployment frequency; fully automated risk characterization, monitoring, and mitigation; and software updates at the speed of operations.

The implementation of a DevSecOps capability is founded on the concept of a software factory: requirements and defects enter, and operating software that quickly meets the users’ most critical needs exits. Factories have start-up and operating costs that are based on challenging operating assumptions that, unless satisfied, can cripple software production, exceed project schedules, and blow-out budgets.

How much is a budget request for a software factory? Traditional cost estimating approaches based on analogy and historical data will not work. There are many factors that need to be considered to have an efficient, operating factory that span difficult, changing technological, operational, and budgetary decisions and trade-offs. There are new metrics required for both estimating and tracking the cost of a factory to ensure that it meets the needs of both developers and system users. These issues will be discussed in this presentation.