NASA Open Source Agreement (NOSA) license: Good Start

From time to time I give talks, often to government folks or folks that do business with government, about open source licenses and building communities across industry boundaries. A number of years ago NASA blazed new trails for the US federal government when they submitted their custom open source license and were successful in having it added to the list of OSI approved licenses, where it remains today.

Over the last several years NASA has asked for advice about its license, which many in the industry and community have suggested limits participation outside of government in a long and valuable list of projects. In 2011 and 2012 NASA was encouraged, cajoled, nudged and knocked over the head with PowerPoint slides suggesting they would be much better off landing on a widely accepted license.

Because it comes up often, and I keep losing track of the best details, I’m parking a copy of the NASA 2011 Open Source Summit Proceedings here where I can find them. This was a highly successful gathering of NASA staff, community leaders, and industry experts (hats off to Linda Cureton and Scott Goodwin as exec sponsors of the meeting). The summit format included a number of “focus groups” tackling NASA’s top questions. Issue #2: Licensing (Page 6) includes concrete recommendations for the agency. Enjoy.

You can read much more about NASA’s work on open source at OpenNasa.gov

Proceedings: Open Cybersecurity Summit 2012

Last fall the Bryant Group led the production of the first annual Open Cybersecurity Summit.

The event was underwritten by the Department of Homeland Security Science and Technology Division (DHS S&T), Cybersecurity Division and delivered by Georgia Tech Research Institute (GTRI), the Homeland Open Security Technology program (HOST). The HOST program was created to explore, invest in and share potential solutions developed and distributed as open source software tools and applications.

The proceedings have been available to attendees for some time, but are public and available to any interested parties. It was a first-of-a-kind event so far as we know, with an emphasis on the use of Open Source Software tools and applications as well as related best practices in the Cybersecurity space. You can download the full DC Summit Proceedings 2012, or visit the archived conference site.

We expect the next summit to be announced later this spring.

Summit Agenda

Morning

8:00 a.m. | Registration

9:00 a.m. | Summit Welcome

Keynote: “Crowds, Clouds, and Spies”

Speaker: Stewart A. Baker, former DHS Assistant Secretary for Policy, author and partner at
Steptoe & Johnson LLP

10:00 to 10:30 a.m. | General Session

“OWASP – The World’s Largest Open Source Web Application Security Project”

Speaker: Dave Wichers, Open Web Application Security (OWASP) board member and
COO and Co-founder, Aspect Security Inc.

10:30 – 10:45 a.m. | Break & Poster Sessions

10:45 a.m. – noon | Panel “Open Source and Cybersecurity: Building Trust and
Interoperability”

• Panelists: Matthew Scholl, Deputy Division Chief, Computer Security Division and
Associate Director of Operations for the NIST National Cybersecurity Center of
Excellence.
• Luke Berndt, Program Manager, Department of Homeland Security, Science and
Technology (S&T) Division
• Moderator: Mark Bohannon, Vice President, Corporate Affairs & Global Public
Policy, Red Hat.

Noon to 1:00 p.m. | Lunch Break & Poster Sessions

Afternoon

1:00 – 2:30 p.m. | Panel: “Government as the Consumer and Creator of Open
Cybersecurity”

• Panelists: Dr. David A. Wheeler, Analyst, Institute for Defense Analyses
• Joshua Davis, Georgia Tech Research Institute (GTRI) Associate Branch Head, Cyber
Security Lab and Principal Investigator for the Homeland Open Security Technology
(HOST) program
• Joe Broghamer, Lead, Authentication Technologies, U.S. Department of Homeland
Security, Immigration and Customs Enforcement (ICE) Office of the Chief
Information Officer, IAD

2:30 – 2:45 p.m. | Break & Poster Sessions

2:45 – 3:50 p.m. | Lightning Talks

• Adding Real-time File Analytics to the Open Source Suricata Platform; Harold
Jones, BAE Systems
• Fostering an Innovative Smart Card Environment; Peter Fucci, Safer Institute
• Identity Management: Linux and Active Directory integration; Dmitri Pal, Red Hat
Inc.
• Open Source Software Verification and Validation; Philip Marshall, Black Duck
Software
• XenClient XT: The Extensible Platform for Secure Virtualization; Philip Tricca, Citrix
Systems
• Drupal Security Controls for Government Sites; Greg Wilson, Phase 2 Technology

3:50 – 4:00 p.m. | Closing Comments

Speaker: Dr. Douglas Maughan, Director, DHS S&T, Cyber Security Division

4:00 – 5:00 p.m. | Networking & Poster Sessions

DoD Releases Open Technology Development: Lessons Learned by the Military

It’s been about five years since the DoD-commissioned Open Technology Development Road Map was published, considered the definitive primer for smart government agencies and their personnel diving into Open Source development, acquisition and operational policy-making. The next anxiously-awaited (well, not anxious but very much looked-forward to) installment, entitled “Open Technology Development: Lessons Learned and Best Practices for Military Software”, is now available in PDF format.

You can download the new publication here: OTD-lessons-learned-military-FinalV1

If you’re interested in the 2006 Open Technology Road Map document, it’s still a great resource.  You can download it here: OTDRoadmap_v3_Final

If you’re interested in watching the OTD’s author-on-point John Scott present the original OTD Road Map at GOSCON 2006, here’s the link to the video: http://www.youtube.com/user/osuosl#p/u/24/QOEFSygla5s

If you’d like to read Karl Fogel’s gushing review of the doc for Civic Commons, it’s here: http://civiccommons.org/2011/05/dod-open-technology-guide/

Finally, you can visit the Mil-OSS community at http://mil-oss.org/

A document I am very pleased to be associated with; thanks John Scott for the opportunity and congratulations on hitting another one out of the park.

Enjoy! and share with a friend.

US Gov Memo Spells Out Open Source Inclusion in Federal Acquisition

First the musings: Because I’ve been involved with open source adoption in Government nearly since Al Gore invented the Internet, I get a lot of questions about what the White House is thinking about Open Source. Joking aside, this has been present on people’s minds since the new administration took office. For those familiar with some of the appointees’ backgrounds, there was a hope that open source software would play a larger role in Federal IT.* People got very excited when the White House web site moved to Drupal. I thought it cool too, and accepted that as a sign of more flexible thinking. At the same time, having run a technology policy office (at the state level) earlier in my career, I understood that moving a web site to an open source Content Management System did not constitute a major break-through in a complex IT acquisition environment where the greatest savings and efficiencies remain in larger investments in software development for systems unique (if not common within) government.

On to the news: Yesterday’s United States Office of Management and Budget (OMB) memo entitled “Technology Neutrality” and signed by the US Chief Information Officer Vivek Kundra is a balanced and inclusive expression of options the feds should consider when procuring information technology.

“…agencies should analyze alternatives that include proprietary, open source, and mixed source technologies. This allows the Government to pursue the best strategy to meet its particular needs.”

Even with its quiet Friday release, it has been reasonably well-covered by the press, along with a bit of speculation about “why now”.  You can check out some of the coverage at NextGov TechInsider, GovFresh, and FedRadio. Classically, the new media folks touched on implications for open source while Fed Radio’s take on the memo was “a reminder not to use brand names in their procurements.”

I’ll just take this as a win for a more balanced view, now institutionalized as advice to Federal CIOs.

What’s next? I want to hear more about how the GSA may use an open source cloud solution for that new forge.gov project. We all have our wish lists; that one is high on mine.

* Vivek Kundra and Aneesh Chopra had extensive experience with open source in their respective roles prior to joining the Obama administration. See Kundra’s GOSCON 2008 Keynote presentation “Open Source as a way of Life”.

GOSCON 2008 Keynote Slides
