Last week I attended:
3rd Annual DoD Open Conference
Sponsored by AFEI in McLean VA. December 11-12th
Sun Attendees: Jim Laurent, Tom Syster, Bill Vass (keynote speaker), Paul Tatum
This is an annual conference attended by government, industry and consultants (Mitre/IDA) to discuss open source technology, open systems and open development methodologies. Approximately 100 people were in attendance. Bill Vass, President and COO of Sun Federal, was one of the keynote speakers.
It's clear from attending this conference again (this is my third time) that there is no avoiding the use of open source tools in the Federal Government. Whether it is something as simple as GlassFish and OpenSSH or more advanced technologies like the UltraSPARC T1 and T2 processors, open source is everywhere in the DoD.
Nick Guertin, Director, Open Architecture, PEO IWS, Navy
Discussed the Navy's open architecture, designed to achieve modularity, interoperability and standards compliance.
Discussed business issues and licensing issues around open source
Mark Tolliver, President of Palamida SW (formerly of Sun Microsystems)
Palamida delivers auditing and compliance software that compares your software build to an existing DB of open source projects, providing you with an audit of which OSS you are using, their versions, etc.
His experience in code analysis indicates that most projects consist of 30-50% open source components. Many of these are often found to be below rev and have security vulnerabilities. Most projects have 50% to 300% MORE OSS than they think they do.
Primary message: Control your SW supply chain through:
Compliance (his SW can help, of course)
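As an added illustration of the kind of build audit described above (my own sketch, not Palamida's product or its algorithm; the component names, versions and reference catalogue are constructed), this compares what a build actually contains against a catalogue of minimum acceptable versions and against what the project declared, which is where the "below rev" and "more OSS than they think" findings come from:

```python
# Added example, not Palamida's product or any real tool: a toy build audit that
# compares the open source components detected in a build against a reference
# catalogue of projects (minimum acceptable versions) and against what the
# project believes it ships, reporting below-rev and undeclared components.
from dataclasses import dataclass

@dataclass
class Finding:
    name: str
    found: str     # version detected in the build
    minimum: str   # minimum acceptable version from the catalogue ("?" if unknown)
    issue: str     # "below-rev" or "undeclared"

def parse_version(v: str) -> tuple[int, ...]:
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically, not as text."""
    return tuple(int(p) for p in v.split("."))

# Constructed reference catalogue (assumption): project -> oldest version
# considered acceptable; anything older is flagged as below rev.
REFERENCE_DB: dict[str, str] = {
    "openssh": "4.7",
    "zlib": "1.2.3",
    "libpng": "1.2.24",
    "tcl": "8.4",
}

def audit_build(detected: dict[str, str], declared: set[str]) -> list[Finding]:
    """detected: component -> version actually found in the build artifacts.
    declared: components the project's own inventory admits to using."""
    findings: list[Finding] = []
    for name, version in sorted(detected.items()):
        minimum = REFERENCE_DB.get(name)
        if minimum and parse_version(version) < parse_version(minimum):
            findings.append(Finding(name, version, minimum, "below-rev"))
        if name not in declared:
            findings.append(Finding(name, version, minimum or "?", "undeclared"))
    return findings

def oss_surplus_percent(detected: dict[str, str], declared: set[str]) -> int:
    """How much more OSS the build contains than the project declared, in percent (declared must be non-empty)."""
    return (len(detected) - len(declared)) * 100 // len(declared)

if __name__ == "__main__":
    detected = {"openssh": "4.7", "zlib": "1.2.1", "libpng": "1.2.20", "tcl": "8.5"}  # constructed
    declared = {"openssh", "zlib"}  # constructed: what the project thinks it uses
    for f in audit_build(detected, declared):
        print(f"{f.issue:10} {f.name} {f.found} (minimum {f.minimum})")
    print(f"{oss_surplus_percent(detected, declared)}% more OSS than declared")
```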
Bill Vass discussed the value of OSS and Sun's use of it.
OSS is unstoppable because of:
No vendor lock-in
Bill reviewed Sun's strong position in the open source communities and our benefits derived from open sourcing Solaris, Glassfish, OpenOffice etc. Handed out complete JES CD kits to all attending. (Sun was a platinum sponsor for the conference.)
He then led a Q and A panel including Dewey Houck of Boeing and Bob Gourley, former CIO of DIA. Intelligence agencies are big proponents of open source. There was active participation from the audience.
I received feedback from several people during the breaks at the Sun table that they didn't know Sun was so active and aggressive in the OSS community.
Terry Bollinger of ASD/NII discussed Open Source Governance, including:
Evaluation of OSS
Don Adams of Tibco discussed their Open AJAX toolkit known as Bossie.
Eric Pugh of OpenSource Connections discussed the use of the "Agile Methodology" and open source development for the PathFinder program, NGIC and GCGS-A. www.agilemanifesto.org
Chris Runge of Red Hat provided two case studies of how open source technologies allowed something to happen that was "impossible otherwise."
NSA's development of SELinux, now being incorporated into production OSes such as Red Hat and SUSE. First MLS OS that is part of a standard OS distribution.
Real-time Linux enhancements, working with IBM, and the DDG-1000 (aka DDX program) in the Navy.
RHEL 4 + Real time kernel + IBM RT Java + Blade servers
Coming Soon: Red Hat MRG = RHEL 5.1 = Messaging toolkit + Real time + Grid technologies
Important in financial/trading communities
Nick Weatherby of the Open Source Software Initiative discussed how industry is trying to facilitate OSS adoption by working with Government.
Created a Government Technology Task Force to help accelerate adoption and clear out obstacles in standards, procurement and legal issues. Working with DISA, DoNavy, Army, AF, OSD, JFCOM, DHS, Justice, etc.
Example: FIPS 140-2 validation of the OpenSSH libraries
Working on IAVA security validation and the Common Criteria process for open source
A Ball Aerospace rep provided a case study of how they took a GeoSpatial toolkit developed for the government through the process of putting it on a public open source project. The goal was to increase adoption of their framework, thereby increasing their business opportunity for consulting services.
Obstacles included ITAR approvals, Legal, internal politics, ownership issues.
Ed Beck of CSC in NJ
Discussed how they used open source modules to reduce costs and increase speed in their deployment of an AEGIS missile update for the display console and systems management tools
Display console now 60% open source based
Sys. Mgt. tools now 40% OSS based
#1 issue was licensing. DoD is very sensitive about the fact that using the GPL license might mean giving away technology to the bad guys. Tools used included Tcl/Tk, Flex/Bison, XPM, Mozilla, etc.
Brig. Gen. Nick Justice of the US Army
Discussed the value and benefit of OSS in the DoD, including acceleration of mission apps, lower cost, increased security, etc. Mentioned Red Hat several times. FBCB2 is a huge RH deployment. Future Combat System (FCS) is apparently also going to RHEL.
General Justice is a very engaging and entertaining speaker. By all means, if you get a chance to hear him speak, do it. He is one of the few high level military people who runs Linux on his laptop.
Andre Boisvert of Pentaho SW (formerly at Oracle, IBM and SAS institute)
Discussed how he had worked at various proprietary, closed source companies and has invested money in 3 new ventures using only open source.
Self-policing of quality and security
Pentaho provides OSS business intelligence including ETL, OLAP etc
Zenoss provides OSS Systems management based on Python
Compiere for OSS ERP SW
Described OSS as a "disruptive force in the SW industry."
KS Shanker of IBM Federal
Discussed the security aspects of open source and how he took the Linux community through the Common Criteria evaluation process even though they didn't think it mattered originally.
David Wheeler of Institute for Defense Analysis discussed the security aspects of OSS
Vendor lock-in = a security problem.
Open design is fundamental to creating secure systems.
"Would the Trojan Horse have worked if it had been made of glass?"
Not ALL OSS is secure:
Developers need to have security skills
Needs to be widely used and reviewed
Problems must be fixed on demand when found.
When I asked him when IBM was going to release its huge software portfolio (Tivoli, z/OS, ClearCase, AIX, WebSphere) to the open source community, he responded by pointing out that WebSphere has incorporated Apache as its web server. That sounds to me like taking from the OSS community rather than giving.
Booz Allen Hamilton rep discussed the use of an Open Source Security Test Methodology.