Katie Arrington, who is performing the duties of chief information officer for the Department of War and is a Wash100 Award recipient, has published a document summarizing responses to three previously issued requests for information on advancing software security as part of the Pentagon’s Software Fast Track, or SWFT, initiative.
Arrington said in the document’s foreword that industry submitted over 400 responses to the RFIs. She added that insights from collected from the effort will inform how the department can transform software security and ensure that the U.S. can maintain battlefield superiority well into the future.
Global adversaries are after government data. Learn more about threats to the U.S. in the cyber domain, which has become the principal battlefield in global conflict, at the Potomac Officers Club’s 2026 Cyber Summit on May 21. You can save your spot for this critical summit as early as today. Register here.
What Did DOW Find Through the SWFT RFIs?
Responses to the first RFI, which focused on SWFT tools, revealed concerns over inconsistent attestation requirements. According to the summary, while organizations reported alignment with established security frameworks, many complained that the lack of universally accepted guidelines for documentation for compliance, which create additional challenges in integrating security standards into regular workflows.
For the RFI on SWFT external assessment methodologies, respondents said they rely on internal and external audits to evaluate software security. Companies called for clear guardrails for external assessment functions.
Industry sees potential to enhance the efficiency of risk assessment and address novel challenges based on responses to the third RFI, which centered on automation and artificial intelligence in SWFT. Responses to the RFI highlighted the capability of automation and AI to reduce manual and repetitive tasks, including data analysis and impact assessment. Respondents also raised challenges related to AI, such as explainability and reliability, data security, and model performance.
What Is the SWFT Initiative?
The Pentagon launched the SWFT initiative in May to transform the way it acquires, tests, authorizes and fields software.
Under SWFT, the DOW intends to provide clear specific cybersecurity and supply chain risk management requirements, software security verification processes, information-sharing mechanisms, and government-led risk determinations.
