Research Note

Enterprise Readiness Assessment

Weighted Criteria for SDD Adoption

Page 5 of 7 March 2026 Paula Silva — Software GBB Americas
5 / 7

Section 5: Enterprise Readiness Assessment

This section evaluates SDD adoption readiness across nine weighted criteria spanning vendor independence, security, scalability, integration, cost, support, extensibility, maturity, and learning curve. Each criterion reflects enterprise decision-making priorities.

5.1 Weighted Overall Scores

Criterion (Weight) AWS Kiro GitHub + Microsoft Platform Scores (Kiro / GH+MS)
Vendor Independence (15%) AWS-locked IDE; Claude-only via Bedrock; pricing tied to AWS. VS Code fork creates ecosystem dependency. MIT license (Spec Kit); model diversity via GitHub Models BYOK (Bedrock, Google AI Studio, OpenAI, Anthropic, xAI); agent-agnostic design (25+ agents). Multi-cloud security via Defender. 2 / 4
Security & Governance (15%) IAM SSO (Okta, Entra); S3 logging; GovCloud availability; IP indemnity. No integrated security scanning or compliance automation. GHAS (CodeQL, secrets, Dependabot, Copilot Autofix) + Defender for Cloud (multi-cloud) + Purview DSPM for AI (GA April 2026) + Content Safety + Agentic Workflow Firewall + MCP Gateway. Defense-in-depth. 2 / 5
Team Scalability (15%) Team subscriptions via IAM; shared steering files; multi-root workspaces. IDE-scoped collaboration. GitHub organizations; branch protection; PR reviews; Copilot coding agent; 50+ Agentic Workflows; APM for portable agent config; agentic memory shared cross-agent. 3 / 5
Ecosystem Integration (10%) AWS services; MCP. Fork compatibility with VS Code extensions uncertain. Native VS Code; GitHub Actions; M365; Work IQ; Azure AI Foundry; Defender; Copilot SDK; GenAIScript; Claude Code interop. 2 / 5
Pricing & TCO (10%) Free (50 interactions/mo); Pro $19/user/mo; Pro+ $39/user/mo. Transparent. Additional Bedrock costs. Spec Kit: $0 (MIT). Copilot Enterprise: $39/user/mo (includes coding agent, CLI, models). Complex multi-product licensing. 4 / 3
Support & SLAs (10%) AWS Enterprise Support available; professional services. Strong SLA history. GitHub Enterprise Support + Microsoft Unified Support; Foundry SLAs; Defender SLAs. Broader support surface. 4 / 4
Extensibility (10%) Steering rules, agent hooks, MCP. IDE-scoped. Spec Kit (open source), Copilot SDK (5+ languages), APM, GitHub Actions, GenAIScript, MCP, 50+ Agentic Workflows. Platform-wide. 3 / 5
Maturity & Stability (10%) GA since Nov 2025 (~4 months); rapid iteration; 250K+ users. Spec Kit open-sourced Sep 2025; GitHub Copilot GA since 2022; Foundry and Defender are mature production services. 3 / 3
Learning Curve (5%) Low — three-file model, familiar VS Code UI, turnkey setup. Moderate — more concepts (constitution, gated phases, platform services). Multi-tool ecosystem requires investment. 4 / 3

Score Calculation

AWS Kiro: (2×.15)+(2×.15)+(3×.15)+(2×.10)+(4×.10)+(4×.10)+(3×.10)+(3×.10)+(4×.05) = 0.30 + 0.30 + 0.45 + 0.20 + 0.40 + 0.40 + 0.30 + 0.30 + 0.20 = 2.85 GitHub + Microsoft Platform: (4×.15)+(5×.15)+(5×.15)+(5×.10)+(3×.10)+(4×.10)+(5×.10)+(3×.10)+(3×.05) = 0.60 + 0.75 + 0.75 + 0.50 + 0.30 + 0.40 + 0.50 + 0.30 + 0.15 = 4.25

Overall Readiness Scores

2.85
/ 5.0

AWS Kiro

Strong SDD workflow UX and developer experience. Weak across security, governance, ecosystem, and model diversity. IDE-scoped — not platform-scoped. Best for teams already on AWS with limited multi-cloud needs.

4.25
/ 5.0

GitHub + Microsoft Platform

End-to-end platform: security, governance, multi-cloud, model freedom, agent orchestration, enterprise data, and SDD. Platform-scoped. Higher learning curve, but comprehensive integration reduces future tool sprawl.

Enterprise Readiness Radar Chart

Vendor Independence Security Team Scalability Ecosystem Pricing & TCO Support Extensibility Maturity Learning
AWS Kiro
GitHub + Microsoft Platform

Title: Enterprise Readiness Radar — Nine Weighted Criteria

Interpretation of the 1.40-Point Gap

The 1.40-Point Gap: Platform Depth vs. SDD Quality

The 1.40-point gap (4.25 vs 2.85) reflects not SDD workflow quality — which is competitive — but platform depth. Kiro competes on the SDD workflow layer; the GitHub + Microsoft stack competes on the entire software development lifecycle.

Where does the gap accumulate?

  • Vendor Independence (score delta: 2 vs 4, weight 15%): Kiro's single-model, AWS-locked architecture vs. GitHub's multi-model BYOK and agent-agnostic design.
  • Security & Governance (delta: 2 vs 5, weight 15%): Kiro's basic IAM/logging vs. GHAS + Defender + Purview + Firewall + Content Safety.
  • Ecosystem Integration (delta: 2 vs 5, weight 10%): Kiro's AWS-scoped tools vs. GitHub Actions, M365, Work IQ, Foundry, Claude Code.
  • Extensibility (delta: 3 vs 5, weight 10%): Kiro's IDE-scoped hooks vs. platform-wide SDK, APM, GenAIScript, 50+ Agentic Workflows.

Strategic implication: For enterprises, this means the platform comparison — not just SDD workflow quality — is where the decisive value accrues. Kiro is superior at the SDD UX; GitHub + Microsoft is superior at everything surrounding it.

Key Finding

The 1.40-point weighted gap demonstrates that SDD tooling quality alone does not determine enterprise readiness. The platform layers — security scanning, governance automation, multi-cloud support, model diversity, M365 integration, and observability — compound value across teams and over time. Enterprises should weight the platform decision more heavily than the SDD workflow decision when evaluating long-term adoption.

← Previous: Capability Matrix
Back to Report Index
Next: Swot Strategy →
Paula Silva — Software GBB Americas | Microsoft Latam GBB | March 2026