GAO: Military needs better controls for buying software

"Stronger Management Practices Are Needed to Improve DOD's Software-Intensive Weapon Acquisitions"

The Defense Department needs better quality controls when purchasing software for weapons systems development, according to a report released today by the General Accounting Office.

An investigation led by GAO found that the department lacks standard criteria for such software buys, leading to cost overruns and scheduling delays on programs such as the F/A-22 aircraft, space-based infrared system and the recently canceled Comanche attack helicopter.

In a review of five Defense projects, GAO found that the F/A-18 C/D fighter and attack aircraft and Tactical Tomahawk missile programs had the fewest cost and schedule delays. For those programs, developers used an evolutionary approach, disciplined processes, and meaningful metrics, Congressional auditors said. In contrast, the three other programs did not follow these management strategies and experienced schedule delays and cost growth, GAO officials said.

In its investigation, GAO found that software developers and purchasers in the private sector often use a "spiral" approach to develop and buy complex software, so that rather than try to get every desired capability in one shot, later installments add capabilities as they are perfected.

GAO cited three tested management strategies as ways to consistently bring projects in on time and on budget: working in an evolutionary environment; following disciplined development processes; and collecting and analyzing meaningful metrics to measure progress.

"In response to congressional requirements, DOD, the military services and the Missile Defense Agency have taken positive steps to improve the environment for acquiring software-intensive systems," the report states. "However, their plans to implement software process improvement programs are not yet complete and more work is required to ensure controls that would help managers increase the chances of successful acquisition outcomes."

The report states that the controls that need to be implemented should include: documenting baseline requirements agreements between the developer and acquirer who use systems engineering knowledge; meeting with the developer for periodic reviews during the development process; and obtaining meaningful metrics from the developer to manage the program.

GAO officials recommended that the secretary of Defense direct the military services and agencies to adopt specific controls to improve software acquisition outcomes. These practices should be incorporated into DOD policy, software process improvement plans and development contracts.

DOD officials responded by saying the report didn't adequately take into account the "significant challenges associated with acquisition of complex defense systems by generalizing software development across programs."

"It is important to take into account a program's acquisition characteristics before concluding, as this report does, that the difficulties experienced by DOD's complex developmental programs were primarily due to failure to implement software best practices of commercial wireless phone manufacturers and database-software developers," the response states.


  • Cybersecurity
    malware detection (Alexander Yakimov/

    Microsoft targets copycat influence websites

    Microsoft went to court to take down websites it believes to be part of a foreign intelligence operation targeting conservative think tanks and the U.S. Senate.

  • Cybersecurity
    secure network

    FAA explores shifting its network to FISMA high

    The Federal Aviation Administration is exploring an upgrade to the information security categorization of IT systems as part of air traffic control modernization.

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.