The term “factory” related to software production might seem bizarre. Most still associate it with the collection, manipulation and manufacturing of hard materials such as steel, automobiles or consumer electronics. However, software is produced in a factory construct as well. “Software factory” generally refers to the collection of tools, assets and processes required to produce software in an efficient, repeatable and secure manner.
The software factory concept has taken hold in both the public and private sector, being recognized by organizations such as MITRE and VMware. The U.S. Department of Defense (DoD) has a robust ecosystem of at least 29 software factories, most notably Kessel Run and Platform One. Given the concern over software vulnerability, particularly in the software supply chain, it’s important to execute the software factory approach in a secure manner.