Sonatype helps the US Patent and Trademark Office deliver innovation, security, and resiliency

USPTO Customer Story

The work of the United States Patent and Trademark Office (USPTO) impacts the national economy through examining applications, registering trademarks, and granting patents that protect intellectual property for inventors and entrepreneurs everywhere. The mission dates back to the Constitution itself, which assigns Congress the responsibility “to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.”

Though part of the Department of Commerce, the USPTO receives no tax dollars and is entirely self-funded from the fees earned from its patent and trademark services. Technology underpins virtually every aspect of operations. The agency’s employees and customers depend on IT products and services built and delivered by teams in the Office of the Chief Information Officer (OCIO), including the systems and tools examiners use to foster innovation.

The agency’s operations depend on efficient business systems, and resiliency is among its chief concerns. Even brief outages can be costly and inhibit the work of the USPTO and its customers.

The USPTO has significantly improved its product delivery services in recent years, in part by integrating Sonatype products into its development operations. These changes have resulted in numerous benefits, including increased developer productivity, higher deployment frequency, and improved overall software quality.

The Challenges: Rapid Expansion, Complex Development Needs, and Process Improvements

The Product Delivery Services Division in OCIO’s Office of Business Product Delivery is responsible for configuring and releasing software tools used by agency developers.

Because there is just one avenue for obtaining U.S. patents and trademarks, many of USPTO’s examination tools are custom-developed. This division recently expanded, doubling its number of federal employees, driven by the need for more robust and scalable development tools. The division, led by Director Spence Spencer, encompasses three branches covering the USPTO’s software development process, from developer experience and delivery to test automation. Managing mission-critical software tools is comparable to a manufacturing process. As Spencer explains, “To increase efficiency, you have to know where your bottlenecks are. The only way to do that is through a holistic understanding of your value stream.”

To achieve this, Spencer set out to enable frequent, incremental delivery of business value through resilient, secure, and innovative software processes.

The Solution: Increasing Developer Autonomy with Sonatype

For over a decade, the OCIO has relied on Sonatype Nexus Repository, which helps OCIO teams manage their binary repository for their first build automation platform. As supply chain vulnerabilities became increasingly problematic in recent years, particularly with the 2021 Log4j issue, monitoring and enforcing software composition took on a greater sense of urgency. Spencer turned to Sonatype Firewall for the ability to block malicious packages from the start and Sonatype Lifecycle, powered by Sonatype’s proprietary policy engine, for software scanning and vulnerability mitigation.

The tools let the team avoid blocking entire libraries, giving developers as much flexibility as possible. Developers can rely on warnings from Sonatype to notify them of issues, and they are empowered to make the call on whether or not to deploy. This level of visibility results in a more streamlined development process, with developers experiencing less frustration and a smoother, more creative development workflow.

The Outcome: Streamlined Development and Higher Developer Satisfaction

Part of this drive to efficiency meant localizing the decision to deploy software with individual developers without requiring a change board review. This makes it possible to deploy improvements when they become available and realize immediate benefits. “We have teams that go from concept to deployment in less than 24 hours, and that frequent incremental delivery of business value makes us incredibly productive,” said Spencer.

Releasing changes as soon as they are available means Spencer’s team can identify and address issues at each stage instead of all at once with a single release update. “This is a case where it’s actually safer to go fast,” Spencer says. The OCIO reported more than 70,000 deployments in a single year, a testament to the efficiency gains driven, in part, by adopting Sonatype tools. Some teams are now capable of deploying new software multiple times per day, significantly reducing the time from concept to production.

One of the most significant advantages of an automated build and delivery mechanism is that developers get rapid feedback about what they are building. “Software development is a creative endeavor, so it’s important to shorten the feedback loop as much as possible so iterations can happen quickly. Develop, commit, compile, deploy, test,” Spencer says. “This makes developers more productive and happier.”

Spencer is currently focused on cultivating efficiencies by driving the use of internal open source components through its internal developer community. One team develops the solutions to be used by other groups. A good repository manager simplifies this, allowing Spencer’s team to build artifacts into products before deployment.

The adoption of Sonatype products has fueled new efficiencies in IT development and deployment processes that have enhanced productivity, security, and overall software quality. By automating critical aspects of the software development lifecycle, USPTO teams have been able to focus more on IT innovation and minimize risks associated with open source dependencies.

The case of the USPTO’s OCIO illustrates how organizations can leverage Sonatype solutions to overcome complex software development challenges at scale.