Open Source Software in the US Government & Military. Joshua L. Davis joshua.davis@gtri.gatech.edu

Transcription

1 Open Source Software in the US Government & Military Joshua L. Davis

2 Gov IT Spending Trends

3 Referenceh(p:// Reference: h*p://

4 The Current State Gov IT $79.5b IT Budget for Fy12 0.7% decrease for Fy13 $6.5b for security: 8% Industry averages 15-20% Do more with less and make it secure! Increasing security requirements for government Cyberscope, FedRamp Unique market, additional requirements Little reuse of GOTS solutions Complete redesigns common New contract = new solution

5 Fy11 Federal Spending Virtualized Service 3% SaaS 9% Hardware 32% So9ware 56%

6 Open Source Software Free Software Libre Software Free/Open Source Software (FOSS or F/OSS) Free/Libre/Open Source Software (FLOSS)

7

8 Remember to think of! free as in free speech, not as in free beer!! Richard M. Stallman! (1996)!

9

10 Non-Commercial Software Freeware Shareware Open Source Software

11 Open Architecture Open System Open Interface/Standard/Format Open Source Software

12 Open Source Software "software for which the humanreadable source code is available for use, study, reuse, modification, enhancement, and re-distribution by the users of that software"* *Reference: 16 October 2009 memorandum from the DoD CIO, "Clarifying Guidance Regarding Open Source Software (OSS)"

13

14

15 Mil-OSS connects and empowers an active community of civilian and military open source software and hardware developers across the United States. This grassroots movement is a collection of diverse patriots that work for and with the Department of Defense and believe in adopting open technology innovation philosophies to effectively defend our nation.

16

17

18

19 19

20 USER CANNOT CLEAN, FIX, MODIFY, OR UPGRADE

21 Reference: h(p://

22 USER CANNOT CLEAN, FIX, MODIFY, OR UPGRADE Reference: h(p://

23

24 COMPROMISED SUPPLY CHAIN UNCOMPROMISED SUPPLY CHAIN Reference: h(p://

25

26

27

28

29

30

31 The Na:onal Cyber Security Division mission is to work collabora=vely with public, private and internajonal enjjes to secure cyberspace and America s cyber assets

32 Reference: h(p://

33 Referenceh(p:// Reference: h*p://

34 Homeland Open Security Technology is a research program applying open source software concepts and technologies to improve national cybersecurity DISCOVERY COLLABORATION INVESTMENT Priority to Federal, State and local governments

35 HOST DISCOVERY Identify existing resources, methods, techniques, practices l Challenges and Opportunities for Open Source Software in U.S. Government l Open Security Catalog/Inventory l OpenCyberSecurity.org Information Portal

36 Software Catalog/Inventory 2001 Mitre DoD Open Source Study Currently no idea what OS is being used in civilian government Survey of what open source is being used and what solutions are available What is being used and working in government What solution have received certification What gaps exist? There are lots excellent existing solutions, over 250 in 12 categories

37 HOST COLLABORATION Establish the Open Security Community OpenCyberSecurity.org Information Portal Outreach Events l l l l l Open Source Software Policy Open Source Software Training Round Tables Summit l Community Outreach l l Open Web Application Security Project (OWASP) SleuthKit

38

39

40 Google Group: open_sec!

41

42 What is OpenCyberSecurity.org? Access to an evolving ecosystem of open source software (OSS) innovation, communities, and methodologies A marketplace of government and security relevant OSS based technologies Unique cross section of OSS and security information resource

43

44

45

46

47 47

48

49 49

50

51 How do I benefit from OpenCyberSecurity.org? Marketplace of technologies and vendors Resource for relevant use case studies Aggregated policy and adoption resources Security relevant news and events Contribute projects, services, and use cases

52 HOST INVESTMENT Contribute seed investments in advanced R&D activities that produce sustainable project communities through broad adoption by public and private-sector use and support l l l l Suricata IDS/IPS Engine FIPS Validated OpenSSL OWASP City of Portland Pilot

53 Getting Involved in HOST CollaboraJve Investments Contribute projects, vendor info, and use cases Suggest projects, investments, and/or case studies Please join Open Security Community! Please visit our site soon at opencybersecurity.org

54 Open Source Software in the US Government & Military Joshua L. Davis filename - 54