Happy 18th Birthday, Cybersecurity Awareness Month

Out of my archives, Conference Proceedings from the 2012 Open Cybersecurity Summit in D.C.

I’m getting ready to head back to Washington D.C. again soon to see how I can best help support the public good from my seat at the table, helping translate open source communities and foundation work to policy makers. I am grateful for the standing invitation.

In going through some of my old files, I stumbled upon the proceedings from the 2012 Open Cybersecurity Summit I’d produced in D.C. ten years ago during National Cyber Security Awareness Month. If you’re not aware, since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace.

Today, while those of us deeply involved in the open source ecosystem have heard increasing discussion in Washington DC of open source’s relationship to critical supply chain concerns within the software industry, it’s easy to miss that the US government has historically viewed open source not only as an asset for rapid innovation and flexibility; it has also been considered a cyber asset.

For several years I worked with a small team at Georgia Tech Research Institute (GTRI) on a program called HOST – Homeland Open Source Technology – sponsored by DHS Science and Technology Directorate under Doug Maughan’s leadership (now at NSF). Part of our program helped seed and monitor micro-investments in open source cyber security-related technology like OpenSSL, Suricata, OWASP’s updated best practices for securing web applications, and others. Making these solutions available to state and local government agencies as well as federal was a key goal. For me personally, it was the best of both worlds: supporting open source communities and public good.

If you’ve been around open source and cybersecurity you’ll see a cast of veterans in the conference proceedings: Dr. David Wheeler from DISA (now at Linux Foundation’s Open Source Software Foundation – OpenSSF); Dave Wichers from OWASP; Matthew Scholl from NIST National Cybersecurity Center of Excellence; Mark Bohannon from Red Hat (a former fed himself, still at Red Hat and serves on the OpenSSF Policy Committee); Joshua Davis, head of GTRI’s Cyber Security Lab back in the day. Leading up to the summit, we ran a series of local round-tables and think-tank sessions for state and local government with contributions from security luminaries like Gordon “Fyodor” Lyon and Kees Cook.

FWIW, consider this a Cyber Throw-back to close out the Awareness month with a nod to open source software’s long-standing critical role – and to the communities that create it. Cheers.

Leaning into Public Policy for the Open Source Initiative

I’m pleased to share the news that I’ve accepted a role as US Policy Director for the Open Source Initiative (OSI).

A bit of back story – up to the 2019 Pandemic, the OSI’s board of directors had for many years met twice yearly in person. In 2012 I floated the idea of creating an event of public value as a sidebar to the board meeting – the board’s first such and now a part of the tradition of varying the location of the meetings and engaging with local communities through adjacent events. At the time I was working for Oregon State University’s Open Source Lab and focused chiefly on the successful adoption of open source in the public sector. By then, I’d done my own time in the policy tank… but I’ll save that story for another day.

In Washington DC, we booked and filled a room at the Library of Congress (impressing my book-loving mother no end) and hosted a license clinic with a group of government and industry subject matter experts. The event was a success and included incredibly engaging discussion with participants who appreciated OSI’s direct insight. It was also immediately clear to me that OSI’s public benefit voice was a powerful resource in environments where public policy development is core.

Roll forward a decade and open source is fully in the mainstream of technology in the public sector. It has also been identified as essential to Digital Public Goods. And while there is markedly decreased friction in its adoption and place in the sector’s digital transformation and innovation road maps, the need remains to keep open source open and to keep policy makers accurately informed – and that requires continuous education and clarity for all sectors of society.

You can read more from me about the increased focus on public policy for the organization in my full post on the Open Source Initiative’s site.

Recent-ish Changes.

Open Source Summit EU 2017 in Prague – with engineering friends from the Brno CZ office – giving demos in containers 🙂

I took a long break from consulting and blogging during a wonderful stretch of time working for Red Hat and leading their Open Source Program Office (2014-2022). I’ll be back soon writing about new projects and people I’m working with in the next chapter of my professional journey.

Call for Participation: State and Local Government Study on Open Source Adoption

If you’re a U.S. State or Local technology professional with experience in open source software for your organization, your participation is being sought for a national study.

The interviews will be used to develop and publish a Best Practices and Lessons Learned report for state and local government. The analysis will also help inform Federal research and development efforts to leverage open source software for intergovernmental use.

The research is funded through the Science and Technology Directorate of the US Department of Homeland Security.

You’ll find more information and a contact form on our Call for Participation page.

Call is now closed.

Happy Tenth Anniversary OSL

Oregon State University Open Source Lab unofficial commemorative logo, celebrating ten years of operation.

This evening Oregon State University Open Source Lab gathered staff, students and friends to celebrate their tenth anniversary.  Was great to see the crew, and exciting to hear about their direction for the next decade.  Their quiet and critical support of community open source projects continues.  Drop in on their web site, and if you’re in the Corvallis, Oregon area, ask for a tour of the OSL; they love to share.

If you’re interested in a light technical overview of OSL’s hosting and network capacity, hosted projects, and growth over the last ten years you can check out OSL director Lance Albertson’s presentation at the Southern California Linux Expo (SCALE) earlier this year.

NASA Open Source Agreement (NOSA) license: Good Start

From time to time I give talks, often to government folks or folks that do business with government, about open source licenses and building communities across industry boundaries. A number of years ago NASA blazed new trails for the US federal government when they submitted their custom open source license and were successful in having it added to the list of OSI approved licenses, where it remains today.

Over the last several years NASA has asked for advice about its license, which many in the industry and community have suggested limits participation outside of government in a long and valuable list of projects. In 2011 and 2012 NASA was encouraged, cajoled, nudged and knocked over the head with PowerPoint slides suggesting they would be much better off landing on a widely accepted license.

Because it comes up often, and I keep losing track of the best details, I’m parking a copy of the NASA 2011 Open Source Summit Proceedings here where I can find them. This was a highly successful gathering of NASA staff, community leaders, and industry experts (hats off to Linda Cureton and Scott Goodwin as exec sponsors of the meeting). The summit format included a number of “focus groups” tackling NASA’s top questions. Issue #2: Licensing (Page 6) includes concrete recommendations for the agency. Enjoy.

You can read much more about NASA’s work on open source at OpenNasa.gov