NASA Open Source Agreement (NOSA) license: Good Start

From time to time I give talks, often to government folks or folks that do business with government, about open source licenses and building communities across industry boundaries. A number of years ago NASA blazed new trails for the US federal government when they submitted their custom open source license and were successful in having it added to the list of OSI approved licenses, where it remains today.

Over the last several years NASA has asked for advice about its license, which many in the industry and community have suggested limits participation outside of government in a long and valuable list of projects. In 2011 and 2012 NASA was encouraged, cajoled, nudged and knocked over the head with PowerPoint slides suggesting they would be much better off landing on a widely accepted license.

Because it comes up often, and I keep losing track of the best details, I’m parking a copy of the NASA 2011 Open Source Summit Proceedings here where I can find them. This was a highly successful gathering of NASA staff, community leaders, and industry experts (hats off to Linda Cureton and Scott Goodwin as exec sponsors of the meeting). The summit format included a number of “focus groups” tackling NASA’s top questions. Issue #2: Licensing (Page 6) includes concrete recommendations for the agency. Enjoy.

You can read much more about NASA’s work on open source at OpenNasa.gov

Proceedings: Open Cybersecurity Summit 2012

Last fall the Bryant Group led the production of the first annual Open Cybersecurity Summit.

The event was underwritten by the Department of Homeland Security Science and Technology Division (DHS S&T), Cybersecurity Division and delivered by Georgia Tech Research Institute (GTRI), the Homeland Open Security Technology program (HOST). The HOST program was created to explore, invest in and share potential solutions developed and distributed as open source software tools and applications.

The proceedings have been available to attendees for some time, but are public and available to any interested parties. It was a first-of-a-kind event so far as we know, with an emphasis on the use of Open Source Software tools and applications as well as related best practices in the Cybersecurity space. You can download the full DC Summit Proceedings 2012, or visit the archived conference site.

We expect the next summit to be announced later this spring.

Summit Agenda

Morning

8:00 a.m. | Registration

9:00 a.m. | Summit Welcome

Keynote: “Crowds, Clouds, and Spies”

Speaker: Stewart A. Baker, former DHS Assistant Secretary for Policy, author and partner at Steptoe & Johnson LLP

10:00 to 10:30 a.m. | General Session

“OWASP – The World’s Largest Open Source Web Application Security Project”

Speaker: Dave Wichers, Open Web Application Security Project (OWASP) board member and COO and Co-founder, Aspect Security Inc.

10:30 – 10:45 a.m. | Break & Poster Sessions

10:45 a.m. – noon | Panel: “Open Source and Cybersecurity: Building Trust and Interoperability”

• Panelists: Matthew Scholl, Deputy Division Chief, Computer Security Division and Associate Director of Operations for the NIST National Cybersecurity Center of Excellence.
• Luke Berndt, Program Manager, Department of Homeland Security, Science and Technology (S&T) Division
• Moderator: Mark Bohannon, Vice President, Corporate Affairs & Global Public Policy, Red Hat.

Noon to 1:00 p.m. | Lunch Break & Poster Sessions

Afternoon

1:00 – 2:30 p.m. | Panel: “Government as the Consumer and Creator of Open Cybersecurity”

• Panelists: Dr. David A. Wheeler, Analyst, Institute for Defense Analyses
• Joshua Davis, Georgia Tech Research Institute (GTRI) Associate Branch Head, Cyber Security Lab and Principal Investigator for the Homeland Open Security Technology (HOST) program
• Joe Broghamer, Lead, Authentication Technologies, U.S. Department of Homeland Security, Immigration and Customs Enforcement (ICE) Office of the Chief Information Officer, IAD

2:30 – 2:45 p.m. | Break & Poster Sessions

2:45 – 3:50 p.m. | Lightning Talks

• Adding Real-time File Analytics to the Open Source Suricata Platform; Harold Jones, BAE Systems
• Fostering an Innovative Smart Card Environment; Peter Fucci, Safer Institute
• Identity Management: Linux and Active Directory integration; Dmitri Pal, Red Hat Inc.
• Open Source Software Verification and Validation; Philip Marshall, Black Duck Software
• XenClient XT: The Extensible Platform for Secure Virtualization; Philip Tricca, Citrix Systems
• Drupal Security Controls for Government Sites; Greg Wilson, Phase 2 Technology

3:50 – 4:00 p.m. | Closing Comments

Speaker: Dr. Douglas Maughan, Director, DHS S&T, Cyber Security Division

4:00 – 5:00 p.m. | Networking & Poster Sessions

Get on the (Hacker) Bus.

I recently returned from the Thirteenth International Forum for Free Software (FISL) in Porto Alegre, Brazil. With an attendance of about 8,000 this year, it is the largest tech conference in South America and likely the largest free/open source conference in the world. I was fortunate to have attended representing OSI and presented a keynote on free and open source software and its civic and social impact around the world, and a second session on Economic Development.

The Brazilian government – with great grassroots support – was a pioneer in the use of free software as an economic development strategy, and also to bridge the digital divide by lowering the barrier to access to technology.  Today the government’s involvement has shifted in some respects, and community leaders from a number of Latin American countries are debating in general the pros and cons of government partnership in their FOSS initiatives.

The “Hacker Bus” project – pictured above behind myself and colleague Paulo Meirelles from the University of Sao Paulo FLOSS Competency Center – really impressed. Getting technology and “Hacktivism” out into underserved areas makes for a fantastic program.
You can read more about the project on The Next Web, published during last year’s conference.

The Consumer Financial Protection Bureau Source Code Policy: Open and Shared

On April 6th, 2012 the U.S. Consumer Financial Protection Bureau (CFPB) rolled out their brand new Source Code Policy, setting the direction for their agency to consume and contribute to open source software.

As a brand new agency, CFPB is in the enviable position of creating their technology road map on a white sheet of paper. No legacy systems, no legacy contracts, no legacy skill sets; not your frequent scenario in the federal government. Unburdened by existing IT operations and entrenched processes based on outdated policies, they were free to envision a fresh approach that reflects and supports their public trust mission.

We use open-source software, and we do so because it helps us fulfill our mission.

When we build our own software or contract with a third party to build it for us, we will share the code with the public at no charge.

They may have had the new guy advantage, but they’ve done some great work that makes it easier for other agencies to model.  CFPB has crafted a clear, concise policy for its use and then shared it broadly.  They follow in the footsteps of the Department of Defense, which began producing and refining policy for their agency personnel in this area a number of years ago.  CFPB hopes other agencies will find the policy useful as a reference model and to that end have also shared it on GitHub Gist.

I’ve been privileged to have collaborated with the agency’s chief architect of the policy, Matthew Burton, over the past five years or so. I met Matthew about the time he authored a great essay entitled Why I Help the Man (and why you should too) and worked on a project (“Open Intel”) for the U.S. Department of Energy. Congratulations to Matthew and the team at CFPB for their thoughtful work and leadership in this policy area, and for their creativity in making it a public asset. And I have to add… thanks for making it one of the easiest reads ever for a federal IT policy.

You can read Matthew’s full official post on the publication of the policy on the agency web site.

Coming up: Open Source & Cybersecurity at POSSCON March 28-29, 2012

One of my favorite projects I have the good fortune to be contributing to was created by the US Department of Homeland Security Science and Technology Directorate (DHS S&T – the equivalent of the R&D arm of the agency).  It’s called the HOST program (Homeland Open Security Technology).

Joining me at the upcoming Palmetto Open Source Software Conference (POSSCON) on March 22-29 will be my HOST colleagues from DHS, Georgia Tech Research Institute, OSSI, and other government experts like John Scott (who most recently co-authored “Open Technology Development: Lessons Learned & Best Practices for the Military”).

The program does a number of things, but the main thrust is to help get open source cyber security tools into the hands of federal, state and local agencies wherever it makes sense. The path that leads there includes creating some useful educational tools and making small, strategic investments to help make that possible.

If you’re interested in Open Source, the POSSCON event has grown into a must-attend.  If you’re interested in security, please come join us.  We’ll be there to….

Columbia, South Carolina serves up big heaps of southern hospitality to conference participants every year.  This is my fourth year to make the pilgrimage there.  If you can attend, I promise you won’t be disappointed.  And if you do, please come say hello.