A Program Officer's Guide to Evaluating BMS Software in 2026
The honest checklist a DoD program officer needs to evaluate a battle management system in the current threat environment — and the questions every legacy vendor will fail.
If you are a program officer evaluating BMS software in 2026, the procurement question has shifted under your feet. The vendor who shows you the prettiest common operating picture is not the vendor whose system will keep fighting in the EW environment your AOR will face. Here is the honest checklist nobody is going to send you in a SOO response.
First, ask for the architecture's behavior under total uplink loss. Not degraded mode. Total loss. If the answer involves a fallback radio, the architecture is not actually decentralized — the fallback radio is just a longer leash. The right answer is that every tier executes within a signed intent envelope and reconciles state when any link returns.
Second, ask for the maximum span of control demonstrated in operational testing. If the answer is dozens, the architecture cannot scale to the autonomous-mass force the next war demands. If the answer is thousands, ask how. If the answer is not a recursive hierarchy with a small constant branching factor, the demo was a fiction.
Third, ask for the integration cadence on a new airframe. If the answer involves a software rebuild, an SETR cycle, or a contract modification, the architecture is not hardware-agnostic. The right answer is a manifest, registered through a capability-bundle interface, deployable in hours.
Fourth, ask for the cryptographic trace from any lethal action backward to a named human authority. If the trace lives in an operator's notebook, the system does not provide auditable AI accountability. The right answer is a signed envelope graph traversal.
Fifth, ask for the OTA path. If the vendor's only contracting vehicle is a FAR-based program of record, the cadence is structurally too slow for the fight. The right answer is a commercial product, ready to ship under OTA in months.
KhanBMS answers each of these correctly because the decimal architecture, the intent-envelope semantics, the manifest-based integration, the cryptographic provenance graph, and the OTA-ready commercial productization were all design decisions made at the first commit. Evaluate honestly. The architecture is the moat.