Software Acquisition Archives | FedScoop
https://fedscoop.com/tag/software-acquisition/
Tue, 11 Jun 2024 20:20:17 +0000

FedScoop delivers up-to-the-minute breaking government tech news and is the government IT community's platform for education and collaboration through news, events, radio and TV. FedScoop engages top leaders from the White House, federal agencies, academia and the tech industry both online and in person to discuss ways technology can improve government, and to exchange best practices and identify how to achieve common goals.

For GSA, a new step to secure the software acquisition process begins
https://fedscoop.com/for-gsa-a-new-step-in-the-software-acquisition-process-begins/
Tue, 11 Jun 2024 20:03:12 +0000

This week marks the beginning of the agency’s collection of self-attestation forms from software providers and offerers.

Starting this week, the General Services Administration is collecting common forms for new software contracts from providers and contractors in accordance with a 2022 Office of Management and Budget memo regarding software supply chain security.

In a May memorandum, GSA announced that beginning June 8, the agency would start collecting information for new contracts of all sizes — including “micropurchases” — from software offerers and contractors. That information would attest to government-specified secure software development practices.

Nick Mistry, the chief information security officer for Lineaje, a software supply chain security management company, said in an interview with FedScoop that he believes GSA’s June 8 start for the new guidance is “a really good thing for both the industry and government.”

The self-attestation requirements “will obviously add another step in the process, but it’s a very necessary step,” Mistry said. “Will there be a period of confusion where people don’t know exactly what’s required, both on the government side as well as industry side? But I think those things will just shake out over time. I think the net benefit is all positive.”

A GSA spokesperson said in an email to FedScoop that the agency “held multiple industry listening sessions before crafting our implementation of OMB memos M-22-18 and M-23-16. GSA took feedback from these sessions into consideration while also ensuring we met the deadlines in the OMB memoranda.”

The spokesperson noted that the agency “met the deadline for implementation to best support our customer agencies” and integrated the self-attestation form into its existing IT standards process to make attesting “as frictionless as possible” for the GSA’s vendors. 

The GSA is encouraging software vendors to create an account on the Cybersecurity and Infrastructure Security Agency’s repository website, the spokesperson added.

In March, CISA released the Secure Software Development Attestation Form, which required the companies that manufacture software used by the federal government to “attest to the adoption of secure development practices.” That form could either be submitted to a repository or emailed to the relevant agency. 

GSA noted in its May memorandum that while the agency already had a requirement for its IT department to “approve software before it could be acquired and used,” the OMB memo mandated the department to update “how it collects, reviews, retains and monitors industry attestation information.”

White House fleshes out plan for agencies to collect software vendor attestation forms
https://fedscoop.com/white-house-software-vendor-attestation-forms/
Fri, 09 Jun 2023 17:30:00 +0000

Letters of attestation will not be required for open-source software and agency CIOs will have the authority to designate software as “agency-developed.”

Federal agencies will have additional time to collect attestation forms from software vendors and will not be required to collect documentation for open-source software they use, according to new guidance from the White House.

In a memo issued Friday, first obtained by FedScoop, the Office of Management and Budget clarified details about how agencies will be required to collect cybersecurity attestations from software providers whose services they use.

According to the new guidance:

  • Agencies will have more time to collect letters of attestation
  • Letters of attestation will not be required for open-source software
  • Agency chief information officers will have discretion over whether software is considered “agency-developed”
  • Companies unable to immediately provide letters will be able to submit a “plan of action and milestones” 

The memo comes as the Biden administration works to strengthen the cybersecurity of commercial technology products used in government, and after it last year announced that agencies would have to collect letters from software vendors confirming their products adhere to NIST standards.

Today’s memo extends the amount of time U.S. federal agencies have to collect letters of attestation for critical software until three months after an attestation common form is approved by the Office of Management and Budget. For non-critical software, this timeline is six months after the attestation form is approved.

The guidance clarifies that a finalized version of the common form, which is being drafted by the Cybersecurity and Infrastructure Security Agency, has yet to be approved by the Office of Management and Budget. A draft version of the form was published in late April, and industry vendors have until June 26 to comment on it. A senior official told FedScoop that OMB would “work fast” to approve the final version of the form once the industry comment period closes.

In addition, the memo clarifies that government agencies will not be required to collect letters of attestation for open-source software – even when software is proprietary but made publicly available by a company.

The missive said: “A significant number of core software applications, such as web browsers, to which Federal agencies must have access are offered for use to members of the public at no cost. Users of this software have no opportunity to negotiate with the producer, and therefore it will not be feasible for agencies to obtain attestations from the producers of such software.”

Open-source software is excluded from the attestation requirements because users of this software have no opportunity to negotiate with the producer, and it therefore would not be feasible for agencies to obtain attestations from the producers of such software.

A senior official speaking with FedScoop said this provision could be especially beneficial for smaller federal agencies where the need to use standalone, open-source tools such as a PDF reader is acute.

Despite the exclusion of open-source software, government agencies are still required to assess the risk of utilizing such software and take appropriate steps to mitigate risks, according to the memo.

Furthermore, the new memo designates agency chief information officers as the officials responsible for deciding whether software developed by federal contractors should be considered “agency-developed.”

The “agency-developed” designation matters because such software, even when developed under a federal contract, is out of the scope of attestation collection requirements.

According to the memo: “If there are questions regarding whether software developed by Federal contractors should be considered agency-developed, agency CIOs are required to make that determination on behalf of the agency.”

Furthermore, the new memo clarifies that software manufacturers unable to immediately attest to one or more practices identified in the attestation form will be able to provide agencies with a Plan of Action and Milestones (POA&M) document.

This will allow government departments to continue working with software producers who do not yet meet minimum requirements identified in the common form but plan to do so.

“[T]he producer of a given software application must identify the practices to which they cannot attest, document practices they have in place to mitigate associated risks, and submit a POA&M to an agency,” OMB said in the document.

It added: “If the agency finds the documentation satisfactory, it may continue using the software, but must concurrently seek an extension of the deadline for attestation from OMB. Extension requests submitted to OMB must include a copy of the software producer’s POA&M.”

Further instructions on the format and process that software manufacturers must follow for extension and waiver requests will be issued on the federal collaboration website MAX.gov. 

OMB will also begin collecting metrics on the number of products in use at each agency that do not meet minimum secure software requirements within one year.

Major government tech contractors use monopolistic vendor-lock to drive revenue, study says
https://fedscoop.com/major-government-tech-contractors-use-monopolistic-vendor-lock-to-drive-revenue-study/
Mon, 30 Jan 2023 05:00:00 +0000

The report says Microsoft and Oracle received at least 25% to 30% of government sales over the last decade through less than fully competitive procurements.

Major IT government software contractors like Microsoft and Oracle routinely lock federal agencies into sole-source contracts using monopolistic methods that cost the taxpayers hundreds of millions of dollars more without meaningful competition, according to an industry study.

Microsoft and Oracle, the world’s two largest software companies, received at least 25% to 30% of government sales over the last 10 years through less than fully competitive procurement processes, according to a report commissioned by technology trade group NetChoice.

The study was compiled from thousands of government contracting documents and drafted by independent procurement expert Michael Garland. It is called “Vendor-lock and lack of competition in the government’s software estate.”

Given that the government is spending between $10 billion and $15 billion each year on commercial off-the-shelf software and cloud, a reduction of only five percent, driven through competition, could produce an annual savings to taxpayers of up to $750 million, the study said.

“Vendor-lock has also allowed software vendors to leverage their power to impose a number of harmful practices on the government,” the study said. “Because of vendor-lock, the U.S. government sometimes reverse-engineers software procurement processes to avoid genuine competition.”

One example of vendor-lock the study cites is a procurement process in which the Department of Agriculture in 2021 spent $112 million more to buy Microsoft Office than Google Workspace to avoid switching costs that it perceived to be even higher.

According to the study, monopolistic behaviors that major IT government vendors have engaged in include: imposing license restrictions that require the government to repurchase software in order to use it in cloud environments run by competing tech companies; fixed, inflexible annual support fees that cannot be reduced; and predatory software audits.

The study highlights a particular example of unfair software licensing restrictions currently used by Microsoft: it allows a government client to move all their Microsoft software into Azure for essentially no additional charge, but the client would have to repurchase, or start over with, new Microsoft licenses to move into the AWS or Google cloud.

“The VA capitulated to Microsoft’s dominance, allowing Microsoft to charge whatever it wanted,” the study states. “$1.6 billion is a significant amount of taxpayer money to spend without meaningful competition.”

Oracle also makes it more expensive to use their software in alternative cloud platforms, with the study citing a recent lawsuit that accuses Oracle of using predatory audits to drive 90% of its cloud revenue between 2017-2018.

The study puts forward several suggestions for how the federal government could limit vendor-lock and save taxpayer dollars. Chief among these suggestions is the bipartisan Strengthening Agency Management and Oversight of Software Assets Act (SAMOSA), which FedScoop exclusively reported on last year. 

The legislation would mandate the consolidation of federal agency software licenses and force greater transparency and accountability of software purchasing through independent reviews, if it passes into law.

“The SAMOSA Act will provide valuable data to help the U.S. government identify and diversify out of vendor-lock,” the study states. “The government has an imperative to eliminate licensing clauses that are opaque, restrict mobility, and enforce unfair penalties.”

NetChoice is a technology industry group that counts Big Tech companies including Amazon and Google among its membership.

2022 in review: FedRAMP reform enacted, SAMOSA Act progresses
https://fedscoop.com/2022-in-review-fedramp-reform-enacted-samosa-act-progresses/
Sat, 31 Dec 2022 19:15:25 +0000

FedScoop looks back at some of the most consequential developments in federal IT policy over the past year.

Over the course of 2022, Congress progressed several bills that represent a major step forward for federal IT policy across areas including software licensing, cybersecurity in the cloud and semiconductor development.

The executive branch also issued a foundational document intended to guide the use and regulation of artificial intelligence technology, and federal government agencies launched initiatives to acquire IT and cybersecurity talent.

Some of the most consequential policymaking this year included: the SAMOSA Act software transparency bill, the AI Bill of Rights, the $280 billion CHIPS and Science Act, the FedRAMP reform bill, and the Biden administration’s cyber job creation sprints.

FedRAMP cybersecurity certification reform

New legislation that will significantly reform the FedRAMP cybersecurity authorization program for cloud vendors by allowing FedRAMP-authorized tools to be used in any federal agency without additional oversight or verification became law earlier this month.

FedRAMP is a crucial cybersecurity certification that cloud service providers must obtain prior to working with U.S. government data.

One of the most consequential aspects of the FedRAMP reform language is a “presumption of adequacy” clause, which would allow FedRAMP-authorized tools to be used by any federal agency without further checks.

The latest iteration of the Federal Risk and Authorization Management Program (FedRAMP) bill became law in late December as part of the NDAA after an uphill battle for almost six years led by Rep. Gerry Connolly, D-Va., and Sen. Gary Peters, D-Mich.

SAMOSA Act

Congress introduced bipartisan legislation earlier this year that would mandate the consolidation of federal agency software licenses and force agencies to take a more transparent approach to software purchasing.

The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSA), which was first reported by FedScoop, would require government departments to purchase unlimited software contracts and require greater software interoperability from services they procure from Big Tech companies.

The legislation was introduced in the Senate in September by Sens. Gary Peters, D-MI, and Bill Cassidy, R-LA, and by Rep. Matt Cartwright, D-PA in the House.

The SAMOSA Act passed the Senate Homeland Security and Governmental Affairs Committee (HSGAC) in September and is expected to get a full Senate vote in the coming months.

CHIPS and Science Act

Bipartisan legislation known as the “CHIPS and Science Act” pumped in approximately $280 billion of new funding intended to boost domestic semiconductor manufacturing and help the U.S. compete with China in the development of cutting-edge technologies.

The bill, which became law in August, includes approximately $52 billion in government subsidies for U.S. semiconductor production. It also includes $24 billion in investment tax credits for chip plants and other funding to spur innovation and research of other key U.S. technologies.

The IT industry and those that rely on it are expected to benefit significantly from the bill thanks to the increased investments and future growth. For example, IT giants and major federal government contractors like IBM are anticipating using funds from the legislation to boost growth in the sector from semiconductors.

The $1.7 trillion omnibus government spending package signed by President Joe Biden on Thursday fell short of providing the maximum funding authorized under the CHIPS Act but nevertheless authorized large funding increases for NIST, the National Science Foundation (NSF), and the Department of Energy’s (DOE) Office of Science.

AI ‘Bill of Rights’

The Biden administration in October issued a long-awaited blueprint document that is intended to provide guardrails for the use of artificial intelligence technology within the federal government.

The AI Bill of Rights consists of five key principles for the regulation of the technology: safe and effective systems; algorithmic discrimination protections; data privacy; notice and explanation; and human alternatives, consideration and fallback.

It was created by the Office of Science and Technology Policy and is intended to address concerns that unfettered use of AI in certain scenarios may cause discrimination against minority groups and further systemic inequality.

Cyber job creation sprint

A 120-day cybersecurity apprenticeship sprint coordinated by the White House and the Department of Labor created 194 new registered programs, the Biden administration announced in November.

In total, the sprint resulted in more than 7,000 cyber apprentices getting hired, of which over one-third were female and 42% were people of color. Out of the cyber apprentices hired, 1,000 were from the private sector.

The sprint was launched in July in a bid to alleviate a shortage in cyber employees. There have been massive challenges in hiring cybersecurity employees within the government due to a tight labor market and a severe shortage of skilled cyber engineers and analysts, and the problem continues to get worse.

CyberSeek, a recruiting website for cybersecurity jobs in the U.S., funded by the Commerce Department, says that in the public sector or the government, there are 47,114 vacant cyber jobs and 72,599 cybersecurity experts currently employed.

House lawmakers introduce bill to overhaul how agencies buy software
https://fedscoop.com/samosa-legislation-to-overhaul-federal-agency-software-buying-introduced-in-house/
Fri, 18 Nov 2022 01:19:14 +0000

The SAMOSA Act could significantly affect how federal agencies acquire software and IT services.

Lawmakers in the House of Representatives Thursday introduced bipartisan legislation that would mandate the consolidation of federal agency software licenses and force agencies to take a more transparent approach to software purchasing, if it passes into law.

The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSA) was introduced by Rep. Matt Cartwright, D-PA, and is expected to significantly affect how federal agencies approach the purchasing of software and IT services.

The legislation has already been introduced in the Senate by Sens. Gary Peters, D-MI, and Bill Cassidy, R-LA, who introduced their version of the SAMOSA Act in September. Details of that bill were first reported by FedScoop.

The Senate bill has already advanced out of the Homeland Security and Governmental Affairs Committee and is expected on the Senate floor at some point next year.

“Without in-depth assessments of how agencies buy and use software, vendors often have the upper hand in transactions with federal agencies,” Rep. Cartwright said in a statement. “This bipartisan, bicameral legislation will streamline software procurement practices governmentwide to the benefit of American taxpayers.”

This legislation has been cosponsored by 14 House members already including: Reps. Dan Meuser, R-PA, Ed Case, D-HI, Gerry Connolly, D-VA, Danny Davis, D-IL, Brian Fitzpatrick, R-PA, Glenn Grothman, R-WI, Michael Guest, R-MS, Sheila Jackson Lee, D-TX, Brenda Lawrence, D-MI, Mike Levin, D-CA, Ted Lieu, D-CA, Eleanor Holmes Norton, D-DC, Katie Porter, D-CA, and Jamie Raskin, D-MD.

The bill would build upon the Megabyte Act, which was enacted in 2016, and compelled agencies to report licensing information on software contracts struck with technology companies. Since it passed into law, that legislation to a degree has increased lawmakers’ visibility of what IT services federal agencies are using.

According to the Senate bill text, multiple reports from the Government Accountability Office and other organizations in recent years have shown that federal agencies could manage their software licenses better to save taxpayer dollars and more effectively execute technology modernization efforts.

Major federal government software and cloud service providers like Microsoft, Amazon Web Services (AWS), Google, Oracle and Adobe are expected to be affected significantly by the legislation. 

IT contracting sources told FedScoop that Microsoft, which by some estimates holds about 85% of the market share of the federal government’s productivity and collaboration software, is expected to be affected the most by the bill. 

The House bill is intended to improve the federal agency software procurement process and save money by forcing agencies to conduct independent reviews to ensure they have a clearer understanding of agency software licenses by cost and volume. 

In its current form, the proposed legislation would require each Inspector General to complete an independent review of software license management within their respective agency. This would take place one year after the bill passes into law, and would be required to capture the total costs of all software agreements as well as related costs.

The bill also includes a governmentwide strategy to leverage government procurement policies and practices to increase the interoperability of software acquired and deployed within agencies to reduce costs and improve performance.

It would also direct agencies to provide shared services or other assistance capabilities to support agency enterprise license adoption, transition to open-source software, cost savings, and performance improvements.

SAMOSA Act could increase large software providers’ monopoly powers say acquisition experts
https://fedscoop.com/samosa-act-could-increase-large-software-providers-monopoly-powers-say-acquisition-experts/
Tue, 11 Oct 2022 21:25:41 +0000

IT acquisition specialists caution that the legislation could affect the choice of software services available to agencies over the long term.

Bipartisan Senate legislation that would compel federal agencies to provide greater transparency about software purchases could result in increased monopoly power for large government tech vendors, federal IT procurement experts have warned.

Language included in the draft Strengthening Agency Management and Oversight of Software Assets Act bill (SAMOSAA) has prompted fears that the proposed legislation could make it harder for agencies to switch away from software systems sold by some of the biggest incumbent players.

In its current form, SAMOSAA mandates agencies to negotiate better prices from tech companies through collective bargaining, and to purchase unlimited software licenses from a single software provider where possible.

Greater monopoly power within the federal government software space would likely increase cybersecurity risks and stymie innovation, software procurement experts told FedScoop.

Speaking with FedScoop, one acquisition expert who has worked on software contracts for GSA and other agencies said: “If you grant unlimited enterprise licenses to Microsoft, Oracle and other big players, then it makes it much harder for non-dominant players to get a foothold in the market. If an entire agency buys its software from a big player for some years then how will it ever decide to buy from a smaller player in the future?”

Software procurement scholar and former Director of the UC Berkeley Center for Long-Term Cybersecurity Steve Weber also cautioned that while the legislative proposals may help the government achieve better value for money, the push to consolidate contracts could give each federal agency fewer options.

He said: “The bulk discount for the government from the SAMOSA Act is great but I’m worried about large sections of the government using the one [piece of] software and a monopoly occurring.”

Weber added: “A narrow set of software options exacerbates the single cloud and single software security vulnerability issues the government is already facing.”

Staff working for the bill’s sponsor, Sen. Peters, D-Mich., disagree with this view. They say the bill will help to save taxpayer dollars and encourage innovation in government by reducing duplicative software purchases.

FedScoop exclusively obtained details of SAMOSAA earlier this month from the Senate Homeland Security and Governmental Affairs Committee. If passed into law, the bill would require government departments to purchase unlimited software contracts and require greater software interoperability from services they procure from Big Tech companies.

SAMOSAA passed the Senate HSGAC committee last week and is expected to get a full Senate vote in the coming months. 

In sum, IT acquisition experts speaking with FedScoop gave a varied picture of the benefits and potential challenges for federal agency technology leaders posed by the legislation. Here are some of the principal strengths and weaknesses of the bill they described:

Strengths 

SAMOSAA would build upon the Megabyte Act, which was enacted in 2016, and compelled agencies to report licensing information on software contracts struck with technology companies. Since it passed into law, that legislation to a degree has increased lawmakers’ visibility of what IT services federal agencies are using and saved taxpayers more than $450 million.

The legislation instructs the chief information officer of each federal agency to conduct an “inventory of the agency, including software entitlements, contracts and other agreements or arrangements of the agency, and a list of the largest software entitlements separated by vendor,” the bill says in its current form.

Multiple experts told FedScoop the bill could improve cost savings by forcing agencies to conduct more comprehensive independent reviews and audits that ensure they have a clearer understanding of agency software licenses by cost and volume.

It would also direct agencies to provide shared services or other assistance capabilities to support agency enterprise license adoption, transition to open-source software, cost savings, and performance improvements, the IT acquisition specialists added.

In particular, section four of the proposed legislation directs the chief information officer of each agency “to develop a plan … to improve the performance of, or reduce unnecessary costs to, the agency, adopt enterprise license agreements across the agency.”

According to software procurement scholar Steve Weber, the bill would likely lead to short-term harm to enterprise software providers like Amazon, Microsoft, Oracle and others because the federal government would no longer be buying software it doesn’t need. However, Weber added that this short-term decline in profits would greatly benefit the health of the software ecosystem in the long run for both tech companies and the government.

Weaknesses

Speaking with FedScoop, the acquisition expert who has procured software for GSA and other agencies said the legislation could be tweaked to avoid giving big software providers an advantage.

“The SAMOSA Act is a good start but we need more meat on the parts of the bill that encourage interoperability so that it’s easier for the government to switch providers in the future,” he added.

Weber also added that he was concerned that the consolidation of government agency software contracts could lead to a “mono-culture of narrowing software options that could exacerbate the single cloud single software security and vulnerability issues that exist currently.”

He said: “Interoperability is also good for the country, its citizens and technology. Locked in customers like the federal government are good for the bottom line of some companies but bad for tech, innovation and customers in long run.”

He said that Congress could add more strength and accountability to the interoperability elements of the bill to force software companies to compete on price performance, security and features, rather than choosing a software because it is too expensive or difficult to switch to an alternative provider. 

Section three of SAMOSAA would require chief information officers to audit the interoperability of each piece of software purchased by their agency as well as their agency’s efforts to improve interoperability of software assets.

“The government shouldn’t just take the easier path of more consolidation and cheaper prices right now with more problems and complications later on,” added Weber. 

An aide for Sen. Peters pushed back on criticism of the bill, saying it has received bipartisan support for the primary goals of the bill which are to save taxpayer dollars and encourage innovation in government by reducing wasteful software purchases.

The aide added that the bill is likely to improve the state of cybersecurity within federal agencies by increasing the visibility that federal Chief Information Officers have in their software purchases to ensure agencies are buying and appropriately updating the most secure software.

Bill to consolidate federal agency software contracts expected to progress in Senate https://fedscoop.com/bill-to-consolidate-federal-agency-software-contracts-expected-to-progress-in-senate/ Tue, 27 Sep 2022 19:32:13 +0000 https://fedscoop.com/?p=60960 If enacted, SAMOSAA would compel federal agencies to purchase unlimited software contracts and require greater product interoperability among Big Tech companies providing services to government.

The post Bill to consolidate federal agency software contracts expected to progress in Senate appeared first on FedScoop.

Bipartisan Senate legislation that would compel federal agencies to consolidate software licenses and provide greater transparency about software purchases is expected to advance in the Senate on Wednesday, Hill sources told FedScoop.

FedScoop exclusively obtained draft legislation earlier this month from the Senate Homeland Security and Governmental Affairs Committee that, if passed into law, would require government departments to purchase unlimited software contracts and require greater software interoperability from services they procure from Big Tech companies.

The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSAA) will be marked up on Wednesday and is expected to pass the committee with broad bipartisan support, two sources familiar with the bill told FedScoop.

In its current form, SAMOSAA includes language to develop a governmentwide strategy to leverage procurement policies and practices to increase the interoperability of software acquired and deployed by agencies.

The bill was formally introduced last week by HSGAC Chairman Sen. Gary Peters, D-Mich., and Republican Sen. Bill Cassidy of Louisiana.

Major federal government software and cloud service providers like Microsoft, Amazon Web Services (AWS), Google, Oracle and Adobe are expected to be affected significantly by the legislation. 

IT contracting sources speaking with FedScoop said Microsoft is likely to be most affected by the bill. According to one estimate, Microsoft holds about 85% of market share for federal government productivity and collaboration software.

The bill would build upon the MEGABYTE Act, which was enacted in 2016 and compelled agencies to report licensing information on software contracts struck with technology companies. Since it passed into law, that legislation has, to a degree, increased lawmakers’ visibility into what IT services federal agencies are using.

The bill is intended to improve the federal agency software procurement process and save money by forcing agencies to conduct independent reviews to ensure they have a clearer understanding of agency software licenses by cost and volume.

It would also direct agencies to provide shared services or other assistance capabilities to support agency enterprise license adoption, transition to open-source software, cost savings, and performance improvements.

Lawmakers float cost-saving legislation to mandate consolidation of federal agency software contracts https://fedscoop.com/lawmakers-float-federal-agency-software-consolidation-legislation/ Fri, 09 Sep 2022 20:46:03 +0000 https://fedscoop.com/?p=60188 Work on the Strengthening Agency Management and Oversight of Software Assets Act is being led by committee chairman Sen. Gary Peters, D-MI.

The post Lawmakers float cost-saving legislation to mandate consolidation of federal agency software contracts appeared first on FedScoop.

The Senate Homeland Security and Governmental Affairs Committee is drafting legislation that would mandate the consolidation of federal agency software licenses, if it passes into law.

The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSAA) would also compel agencies to provide greater transparency about software purchases and require additional contract audits.

IT contracting sources speaking with FedScoop said technology giants including Microsoft are likely to be most affected by the bill. According to one estimate, Microsoft holds about 85% of market share for federal government productivity and collaboration software.

FedScoop exclusively obtained a draft copy of the legislation, which is sponsored by HSGAC Chairman Sen. Gary Peters, D-Mich. It is expected to be introduced formally in the coming weeks.

The bill would build upon the MEGABYTE Act, which was enacted in 2016 and compelled agencies to report licensing information on software contracts struck with technology companies. Since it passed into law, that legislation has, to a degree, increased lawmakers’ visibility into what IT services federal agencies are using.

“We are working to finalize this legislation that builds on Chairman Peters’ MEGABYTE Act, which has saved taxpayers more than $450 million since being signed into law. The Chairman will continue leading commonsense efforts to save taxpayer dollars and improve government efficiency,” a staffer for Sen. Peters told FedScoop.

According to the bill text, multiple reports from the Government Accountability Office and other organizations in recent years have shown that federal agencies could manage their software licenses better to save taxpayer dollars and more effectively execute technology modernization efforts.

“It is, therefore, in the interest of Congress to build upon the successes of the MEGABYTE Act of 2016 to improve the oversight, accountability, and effectiveness of agency software management practices so that agencies can acquire, deploy, and effectively leverage leading commercial software capabilities to meet their missions at a reduced cost to taxpayers,” the draft bill text said.

Major federal government software and cloud service providers like Microsoft, Amazon Web Services (AWS), Google, Oracle and Adobe are expected to be affected significantly by the legislation. 

The bill is intended to improve the federal agency software procurement process and save money by forcing agencies to conduct independent reviews to ensure they have a clearer understanding of agency software licenses by cost and volume. 

In its current form, the proposed legislation would require each inspector general to complete an independent review of software license management within their respective agency. This would take place one year after the bill passes into law, and would be required to capture the total costs of all software agreements as well as related costs.

The bill also includes a governmentwide strategy to leverage government procurement policies and practices to increase the interoperability of software acquired and deployed within agencies to reduce costs and improve performance. It would also direct agencies to provide shared services or other assistance capabilities to support agency enterprise license adoption, transition to open-source software, cost savings, and performance improvements.

Startups press Congress to improve how DOD buys software https://fedscoop.com/startups-press-congress-to-improve-how-dod-buys-software/ Thu, 14 Jul 2022 21:21:10 +0000 https://fedscoop.com/?p=55719 The companies involved want to inform conference discussions on the FY2023 NDAA before Congress’ August recess.

The post Startups press Congress to improve how DOD buys software appeared first on FedScoop.

Founders and CEOs of 19 national security-focused technology startups and small businesses pressed Congress this week to resolve specific hurdles they’re encountering associated with how the Pentagon buys software.

Their proposals come as lawmakers are working on fiscal 2023 National Defense Authorization Act (NDAA) legislation — and as software is considered increasingly critical to ensure military advantage in modern conflicts.

In a three-page letter penned to the House and Senate Armed Services Committees on Wednesday, the executives spotlighted some of what they deemed to be “key challenges in the defense acquisition process that slow the cycle time and impede innovative software companies’ ability to quickly deliver” capabilities to the Pentagon. 

“Software is critical in the new battlespace to ensure proactive defense, responsiveness, and adaptability when competing with near-peer adversaries,” they wrote in the letter, which was obtained by FedScoop on Thursday.

In particular, they called for a better Defense Department pathway for buying readily available Software-as-a-Service (SaaS) offerings. SaaS capabilities essentially provide a means of delivering technology applications remotely over the internet — as opposed to locally. 

“We recommend funding and authorization to allow military services to contract directly with SaaS product providers for software capabilities within programs of record for the acquisition of hardware platforms,” the executives wrote. 

“Fortune 500 companies today routinely use SaaS-based systems to stay competitive in the commercial world,” they noted. The U.S. “national defense community urgently needs to leverage SaaS products, so we can stay ahead of our adversaries in the rapidly-evolving digital battlespace.”

Further, the group called on policymakers to standardize the application of existing acquisition pathways across all of the military branches. They’d also like to see the reauthorization of the Small Business Innovation Research (SBIR)/Small Business Technology Transfer Research (STTR) program and the institution of “targeted reforms to assist small businesses in scaling contracts with the government from prototypes to production.”

Additionally, the executives urged the establishment of a clear pathway for extensive use of continuous Authority To Operate, which is the formal declaration that authorizes products to be used by agencies.

They wrote that they believe these recommendations “would significantly ease barriers to entry and allow small businesses dedicated to building mission-focused software the opportunity to break through the valley of death more quickly, thereby increasing innovation and technological superiority for the Department of Defense.” The term “valley of death” in the federal acquisition world refers to struggles to transition promising technologies into large-scale procurement.

The companies involved aimed to inform NDAA conference discussions before Congress’ August recess, FedScoop confirmed.

Those signed on to the correspondence include: Rebellion Defense, Recorded Future, Copado, Fiddler AI, Percipient.ai, Keeper, CalypsoAI, Interos, SandboxAQ, Nuvolo, LeoLabs, SparkCognition Government Systems, Second Front Systems, Tricentis, Aqua, Armis, Devo Security, Corelight and Jama Software.

Army needs to better use recent software authorities, new acquisition leader says https://fedscoop.com/doug-bush-software-budget-activity/ Thu, 17 Feb 2022 18:02:03 +0000 https://fedscoop.com/?p=47785 Douglas Bush, the new head of acquisition, technology and logistics for the Army, plans to use new funding flexibilities to reform how the service buys software.

The post Army needs to better use recent software authorities, new acquisition leader says appeared first on FedScoop.

The Army’s new head of acquisition, technology and logistics says that to get more software into the hands of soldiers, the service needs to start using authorities recently granted to the military for enhanced flexibility in buying software.

Douglas Bush, who was sworn into the top Army acquisition job Feb. 11, said that increasing the speed and agility of how the Army buys software is a top priority. Achieving that will depend heavily on using recent authorities granted by Congress, including one that allows the Army to pilot a new way to purchase software outside of standard acquisitions practices.

“I believe we have the authorities we need — it’s a question of using them well,” Bush said Thursday during a call with reporters.

Bush said the main issue when buying software is the lack of flexibility in the way the Army is allowed to spend money. Traditionally, the Army is authorized to use specific types of funding — also known as a “color of money” — for certain types of programs, like research and development or production procurement.

The rigidity in that construction often slows down programs that cut across those areas, especially software-based tech, Bush added.

“I don’t believe the private sector distinguishes between [research and development] and the procurement of software, but we do,” he said. “Does that make sense anymore? I’m not so sure.”

Congress allowed the Pentagon and military services to test a new budget activity specifically for software called Budget Activity 8 in the fiscal 2021 National Defense Authorization Act. That’s a new lever Bush says he wants to pull, and he hinted that he hopes the flexibility it offers might increase.

“The funding might have to be more flexible,” he said.

Bush used to work in Congress, most recently as a senior staff member of the House Armed Services Committee. He stressed that he plans to include Congress in key decisions he makes and will consult with members closely on budgetary matters. His plan for boosting software acquisition agility has yet to be finalized, he said.

“I can’t say I’ve got a master plan, but I want to develop a plan … to get us better than we are,” he said.
