Institute for Defense Analyses. Open Source Software in Government: Challenges and Opportunities David A. Wheeler (IDA) & Tom Dunn (GTRI)
|
|
- Augustus Houston
- 8 years ago
- Views:
Transcription
1 Institute for Defense Analyses Open Source Software in Government: Challenges and Opportunities David A. Wheeler (IDA) & Tom Dunn (GTRI)
2 Outline Introduction Inertia Fears about low quality or malware Concerns about commercial support and warranties Procurement Certification & Accreditation Standards / Interoperability Challenges to the release of code from government Need for guidance Need for education 2
3 Introduction Homeland Open Security Technology (HOST) is a DHS project, focusing on: Discovery Collaboration Investment GTRI and IDA conducted interviews to identify impediments, lessons learned, & recommendations on open source software (OSS) in government We talked with OSS experts, OSS suppliers, and OSS consumers (contractors/integrators and government employees) Categories created from what interviewees said (not pre-created set) Presentation is a subset of the paper Formerly titled Lessons Learned 3 HOST info at:
4 Inertia Fear of change We haven t done it that way before High transition costs inhibit switching to anything else Lack of government software expertise Ignore / don t know current policies Policies are used as weapons in office politics 4
5 Fears about low quality or malware There is a concern over the ease of getting malware into OSS. Actually, it s pretty easy to get malware into proprietary software too. [OSS is unique in that it gives complete visibility into the supply chain.] Just because you cannot [review] the source [of proprietary software] does not mean the software is safe... I would rather know where it came from so I know what to target in my evaluation. 5
6 Concerns about commercial support and warranties perception that [OSS] will not have any support or anyone to call Often not hard to find someone to support OSS, but it is not as easy as with commercial [proprietary] software that comes with support built in. Having people understand the business model is the problem. 6
7 Procurement Wrong incentives within government and contractors Government program offices are dis-incentivized to reuse and collaboratively develop software Reduced government headcount threatens people s status & rank Contractors do not want to share with each other they see that as a detriment, it affects follow-on contract likelihood. When developing new, a contractor can charge a whole lot more what s the incentive to buy or reuse stuff? Difficult to sustain investment in infrastructure or OSS Acquisition process mismatches typical OSS business model Many OSS companies give away software, sell support Procurement paperwork impedes small businesses the government artificially inflates the cost of software, with unnecessary flaming hoops to jump through & The [government] paperwork burden is obscene 7
8 Procurement (2) OSS does not cost enough we tend to throw out [the] most expensive and least expensive and only deal with folks in the middle, ignoring lower-priced approaches a cultural thing of you get what you pay for. If you aren t spending millions of dollars [others believe] you aren t being serious about the problem. Concerns about GNU General Public License (GPL) Requirements inflexibility Section 508 accessibility Trouble keeping up with COTS/OSS development speed The OSS development model is based on a very fast, evolutionary cycle... In government additional requirements require [extended review] Solution: Require in contracts that contractors share & provide full rights in software they develop Solution: Release government-funded software as OSS by default 8
9 Certification & Accreditation (C&A) Some like the clear, specific requirements of government security requirement specifications Government security specifications inflexible even one tiny, little thing can block [a program s] adoption [widely-used and commercially accepted software] may lack something required by government policy, such as DoD Common Access Card (CAC) card support, X.509 support, or FIPS validation you may need to purchase a [proprietary] clone just to comply with policy even if the alternative doesn t add any value in its situation Accrediting Authorities should do risk management, not delegate to processes Need to share/co-develop C&A and Authority to Operate (ATO) information C&A cost barriers to entry Include OSS projects when creating specifications 9
10 Standards / Interoperability Standards can enable competition The de facto standard becomes one particular vendor. [I recommend that government, both federal and not,] adopt as many standards as possible [and] become vendor agnostic. Then OSS can conform to the standard, and it puts them in the game Open standards simplify integration Anything standards compliant easily federates; [a product that] uses all open standards is easier to integrate. Important government role [A] great role the government can play is [in] setting standards. They can hire people who know security very well, and run a committee for a long time to create a good standard. 10
11 Challenges to release of code from government Fear that a release obligates the government to support it or use its derivatives Attribution of government employees sometimes considered unacceptable Export control and other policies make contributing to the public too slow Government creates too many project forks Difficult to release government code even within government Need a default-open government forge not just a depository 11
12 Need for guidance Need guidance on evaluating and selecting OSS Need guidance for contributing back to OSS community Need guidance about releasing government-funded OSS 12
13 Need for education General OSS education In terms of [OSS] use, the barriers are most typically education. People have a lack of information. Intellectual rights and OSS license education There is an utter lack of knowledge on copyright. [OSS] licensing is an issue because people don t understand it Procurement education One OSS supplier was forced to become an expert in procurement, security, [the supplier is] educating the Contracting Office & COTR Certification & Accreditation (C&A) education Nobody understands the C&A process. FISMA is all about teaching the customer. [e.g., teaching them] the difference between certification and accreditation is crucial. 13 Widespread comments about the need for education
14 Conclusions To maximally use its limited resources, the U.S. government must address these challenges to reduce the unnecessary barriers to the use and development of OSS Education/guidance Increased transparency / openness Many interviewees stressed requiring software and C&A materials developed with government funding be maximally: shared and developed collaboratively provide full data rights to the government (unless it can be justified that fewer rights benefit the government as a whole) release such software as OSS by default 14
15 Questions? If you want the report when it comes out, hq.dhs.gov (HOST address) Author contacts: Tom Dunn Georgia Tech Research Institute (GTRI) (757) gtri. gatech. edu Dr. David A. Wheeler Institute for Defense Analyses (IDA) (703) ida. org 15
16 Backups 16
17 Potential Investments Secure, Certified Software Stacks with Government "Seal of Approval OSS Authentication modules Biometrics OSS Identity management Windows SSH Client with full CAC support (OpenSSH/PuTTY CAC) Secure Government Dropbox curl FIPS crypto Full S/MIME Stack with Web-Mail OSS full disk encryption with HSPD- 12 Support Government Operating System Distribution Android, esp. security capabilities Enterprise App Store Digital Forensics Hosting resources Summer of C&A / Release C&A/ FISMA documentation as OSS Tournament Labs Joint Government/Industry Consortium Add OSS to DAU Curriculum OSS Information Assurance Tools Static Code Analysis Fuzzers 17 Database of curated bugs
18 History of presentation This presentation is an update to the previous presentation HOST Lessons Learned Given at MIL-OSS, Document was previously titled Lessons Learned 18
Open Source Software in Government: Challenges and Opportunities
Open Source Software in Government Challenges and Opportunities August 2013 Open Source Software in Government: Challenges and Opportunities Dr. David A. Wheeler, Institute for Defense Analyses (IDA)
More informationAn Operational Architecture for Federated Identity Management
An Operational Architecture for Federated Identity Management March 2011 Implementing federated identity management and assurance in operational scenarios Federated Identity Solution The Federated identity
More informationHomeland Open Security Technology (HOST)
CYBER SECURITY DIVISION 2013 PRINCIPAL INVESTIGATORS MEETING Homeland Open Security Technology (HOST) Daniel Massey Program Manager CSD September 16, 2013 Connecting GovIT with Open Security Solutions
More informationTable of contents. Best practices in open source governance. Managing the selection and proliferation of open source software across your enterprise
Best practices in open source governance Managing the selection and proliferation of open source software across your enterprise Table of contents The importance of open source governance... 2 Executive
More informationSupporting FISMA and NIST SP 800-53 with Secure Managed File Transfer
IPSWITCH FILE TRANSFER WHITE PAPER Supporting FISMA and NIST SP 800-53 with Secure Managed File Transfer www.ipswitchft.com Adherence to United States government security standards can be complex to plan
More informationSolving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools
White Paper Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools Introduction The modern workforce is on the hunt for tools that help them get stuff done. When the technology
More informationInformation Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc.
Annual Education 2014 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information
More informationWhy Do Software Selection Projects Fail?
Why Do Software Selection Projects Fail? 2012 Solutions All rights reserved Charles C. Chewning, Jr. cchewning@accountinglibrary.com http://www.accountinglibrary.com/ Why Do Software Selection Projects
More informationSIGNIFICANT CHANGES DOCUMENT
SIGNIFICANT CHANGES DOCUMENT Descriptive Title Schedule 70_MassModification_Health IT SIN Significant Changes Disclaimer Language DISCLAIMER: GSA FAS is posting this notification of a planned solicitation
More informationFederal Risk and Authorization Management Program (FedRAMP)
Federal Risk and Authorization Management Program (FedRAMP) NIST June 5, 2013 Matt Goodrich, JD FedRAMP, Program Manager Federal Cloud Computing Initiative OCSIT GSA What is FedRAMP? FedRAMP is a government-wide
More informationOFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION
OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION CONTRACTOR SECURITY OF THE SOCIAL SECURITY ADMINISTRATION S HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 12 CREDENTIALS June 2012 A-14-11-11106
More informationSTATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration
STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE
More informationHow Purchasing Software Streamlined Growth Management for Rose Country Developments
PROCURIFY.com Customer Success: Rose Country Developments How Purchasing Software Streamlined Growth Management for Rose Country Developments We interviewed: Roderick Borduzak, Purchasing Manager at Rose
More informationISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services
ISSUE BRIEF Cloud Security for Federal Agencies Achieving greater efficiency and better security through federally certified cloud services This paper is intended to help federal agency executives to better
More informationOpen Source Software (OSS) and Total Cost of Ownership (TCO)
Institute for Defense Analyses 4850 Mark Center Drive Alexandria, Virginia 22311-1882 Open Source Software (OSS) and Total Cost of Ownership (TCO) GOSCON 2011 Dr. David A. Wheeler Open Source Software
More informationCoSign by ARX for PIV Cards
The Digital Signature Company CoSign by ARX for PIV Cards Seamless and affordable digital signature processes across FIPS 201-compliant systems Introduction to Personal Identity Verification (PIV) In response
More informationc University of Oxford This document is licensed under http://creativecommons.org/licenses/by-sa/2.0/uk/
c University of Oxford This document is licensed under http://creativecommons.org/licenses/by-sa/2.0/uk/ Outline 1 2 3 4 ... Welcome Who is talking to you? Information Manager for Oxford University Computing
More informationDriving Safely on Information Highway. April 2006
Driving Safely on Information Highway April 2006 Agenda FIPS 201 and PK enabling Challenges of PK enabling Ways to meet the challenges PKIF Webcullis (demo) TrustEnabler (demo) FIPS 201 unique PK enabling
More informationAssessment of Software for Government
Version 1.0, April 2012 Aim 1. This document presents an assessment model for selecting software, including open source software, for use across Government, and the wider UK public sector. 2. It is presented
More informationICT Advice Note - Procurement of Open Source
ICT Advice Note - Procurement of Open Source October 2011 1. Objectives and Context The objective of this document is to provide high level advice on how to ensure open source software is fairly considered
More informationCSPA. Common Statistical Production Architecture Descritption of the Business aspects of the architecture: business models for sharing software
CSPA Common Statistical Production Architecture Descritption of the Business aspects of the architecture: business models for sharing software Carlo Vaccari Istat (vaccari@istat.it) Index Costs categories
More informationCloud Security for Federal Agencies
Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service
More informationCommunity Futures Management Consultant in a Box
Community Futures Management Consultant in a Box Strategic Business Planning Purpose of this Document The purpose of this document is to provide you with the process that a management consultant would
More informationE X E C U T I V E O F F I CE O F T H E P R E S I D EN T
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 THE DIRECTOR M-05-24 August 5, 2005 MEMORANDUM FOR THE HEADS OF ALL DEPARTMENTS AND AGENCIES FROM: SUBJECT: Joshua
More informationYour Open Source Investment Know. Manage. Protect.
Using open source software provides a compelling business case, but if companies violate the software s licenses, the consequences can be more severe than they think. Open Source Risk Management s services
More informationMembership Management System
Text Membership Management System Business Case & Organization Impact Current Issues Too many systems that don t talk together Banking Solutions Web Site Hosting & Email Newsletter & Events Shared Documents
More informationSeven Simple steps. For Mobile Device Management (MDM) 1. Why MDM? Series
Series Seven Simple steps For Mobile Device Management (MDM) Mobile device management (MDM) has become a necessity across the globe due to the ever expanding and developing world of technology; Technavio
More informationOpen Source and Open Source Business Models
Open Source and Open Source Business Models Session 9 Course Product Software Prof.dr. Sjaak Brinkkemper Dr. Slinger Jansen Aim: To provide insight into the multitude of methods that exist for product
More informationIs Your Identity Management Program Protecting Your Federal Systems?
Is Your Identity Management Program Protecting Your Federal Systems? With the increase in integrated, cloud and remote technologies, it is more challenging than ever for federal government agencies to
More informationEnabling Secure, Diverse Communications for B2B and B2C Organizations
WHITE PAPER Enabling Secure, Diverse Communications for B2B and B2C Organizations Introduction The ability to communicate with customers and business partners quickly, effectively and securely is crucial
More informationThe Corporate Counsel s Guide to Open Source Software Policy Implementation
The Corporate Counsel s Guide to Open Source Software Policy Implementation How to Protect the Enterprise from Risk while Helping Your Company More Efficiently Develop and Maintain Applications Black Duck
More informationMaking Endpoint Encryption Work in the Real World
Endpoint Data Encryption That Actually Works The Essentials Series Making Endpoint Encryption Work in the Real World sponsored by Ma king Endpoint Encryption Work in the Real World... 1 Th e Key: Policy
More informationOpen Source Software: Recent Developments and Public Policy Implications. World Information Technology and Services Alliance
December 2004 Open Source Software: Recent Developments and Public Policy Implications Open source software has become a topic of great interest in the press and among policymakers. Open source software
More informationSolving the Security Puzzle
Solving the Security Puzzle How Government Agencies Can Mitigate Today s Threats Abstract The federal government is in the midst of a massive IT revolution. The rapid adoption of mobile, cloud and Big
More informationFree Software Foundation recommendations for free operating system distributions considering Secure Boot
Free Software Foundation recommendations for free operating system distributions considering Secure Boot John Sullivan Executive Director June 30, 2012 1 1 Introduction We have been working hard the last
More informationMobile Device Management (MDM) Policies. Best Practices Guide. www.maas360.com
Mobile Device Management (MDM) Policies Best Practices Guide www.maas360.com Copyright 2014 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential
More informationHow to pick ediscovery software
How to pick ediscovery software WWW.CSDISCO.COM How to pick ediscovery software Here, from most important to least, are the factors you should consider in picking ediscovery software: 1 SPEED The most
More informationWhy Your SIEM Isn t Adding Value And Why It May Not Be The Tool s Fault. Best Practices Whitepaper June 18, 2014
Why Your SIEM Isn t Adding Value And Why It May Not Be The Tool s Fault Best Practices Whitepaper June 18, 2014 2 Table of Contents LIVING UP TO THE SALES PITCH... 3 THE INITIAL PURCHASE AND SELECTION
More informationSecurity Trends and Client Approaches
Security Trends and Client Approaches May 2010 Bob Bocchino, CISA ERM Security and Compliance Business Advisor IBU Technology Sales Support Industries Business Unit, Technology Sales Support 1 Mark Dixon
More informationMobile Device Management (MDM) Policies
Mobile Device Management (MDM) Policies Best Practices Guide Copyright 2012 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice.
More informationManaging Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense
SAP White Paper SAP Partner Organization Mobile Device Management Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense Table of Content 4 Mobile Device
More informationSUPPLY CHAIN FINANCE. Extracting value from the supplier tail. A Purchasing Insight report in collaboration with Invapay
SUPPLY CHAIN FINANCE Extracting value from the supplier tail A Purchasing Insight report in collaboration with Invapay Supply Chain Finance and Working Capital Management are important tools for any business
More informationCard Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
More informationInternet Security Alliance Proposal for A 21 st Century Social Contract: A Sustainable Program of Cyber Security lclinton@isalliance.
Internet Security Alliance Proposal for A 21 st Century Social Contract: A Sustainable Program of Cyber Security lclinton@isalliance.org I. ISA---A trade association/collaborations with Carnegie Mellon
More informationApril 28, 2014. Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC
April 28, 2014 Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC RE: Information Technology Sector Coordinating Council (IT SCC)
More informationHow To Choose A Search Engine Marketing (SEM) Agency
How To Choose A Search Engine Marketing (SEM) Agency Introduction During the last four years, in both good and bad economies, Search Engine Marketing (SEM) has continued to grow. According to MarketingSherpa
More informationSeeing Though the Clouds
Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating
More informationOpen Source and the New Software Supply Chain. Mark Tolliver, CEO Palamida Inc.
Open Source and the New Software Supply Chain Mark Tolliver, CEO Palamida Inc. Could You Sign This? Typical Software Project Metrics 2.9 GB 87,863 Files 8,535,345 LOC Copyright holders ~350 Archives 178
More informationRisks and Rewards of Open Source Software. 13 July 2011
Risks and Rewards of Open Source Software 13 July 2011 David Sisk Deloitte Consulting Bio Current Education Previous Experience Joined Deloitte in 2005 Designed and code Java Application Development Framework
More informationDepartment of Justice Drug Enforcement Administration Attention: DEA Federal Register Representative/ODL 8701 Morrissette Drive Springfield, VA 22152
May 28, 2010 Department of Justice Drug Enforcement Administration Attention: DEA Federal Register Representative/ODL 8701 Morrissette Drive Springfield, VA 22152 Docket No. DEA-218 21 CFR Parts 1300,
More informationGOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201.
PERSONAL IDENTITY VERIFICATION (PIV) OVERVIEW INTRODUCTION (1) Welcome to the Homeland Security Presidential Directive 12 (HSPD-12) Personal Identity Verification (PIV) Overview module, designed to familiarize
More informationCloud Computing in Vermont State Government
Cloud Computing in Vermont State Government Analysis of Opportunities Duncan Goss, Legislative Director of Information Technology David Tucker, State CIO Introduction Legislation passed during the 2009
More informationLeveraging the Cloud for Smarter Development On Oilfields; What Does that Entail? Kevin Wagner, Director - Energy
Leveraging the Cloud for Smarter Development On Oilfields; What Does that Entail? Kevin Wagner, Director - Energy Covisint Overview Cloud platform enabling organizations with complex business relationships
More informationPiloting Supply Chain Risk Management Practices for Federal Information Systems
Piloting Supply Chain Risk Management Practices for Federal Information Systems Marianne Swanson Computer Security Division Information Technology Laboratory Agenda Terms and Background Implementing Supply
More informationNERC CIP Ports & Services. Part 2: Complying With NERC CIP Documentation Requirements
NERC CIP Ports & Services Part 2: Complying With NERC CIP Documentation Requirements White Paper FoxGuard Solutions, Inc. November 2014 Defining Ports And Services In part 2 of our Ports and Services white
More informationRising to the Challenge
CYBERSECURITY: Rising to the Challenge Dialogues with Subject Matter Experts Advanced persistent threats. Zero-day attacks. Insider threats. Cybersecurity experts say that if IT leaders are not concerned
More informationThe Business Value of Managed Security Services
The Business Value of Managed Security Services SilverSky 440 Wheelers Farm Road Suite 202 Milford CT 06461 silversky.com 2013 SilverSky P.2 The Business Value of Managed Security Services Contents Abstract...
More informationGOING MOBILE. Developing an application mobilization plan for your business
GOING MOBILE Developing an application mobilization plan for your business plan for your business 1 Going Mobile To compete in today s marketplace, it s not enough to be efficient on your home turf. Successful
More informationFREE YOUR MIND http://freeyourmindonline.net. Stop House Repossession
FREE YOUR MIND http://freeyourmindonline.net Stop House Repossession The purpose of this report is to open the curtains on the mortgage industry and give regular people in depth insights on foreclosure
More informationSTATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration
STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE SCIENCE, SPACE AND TECHNOLOGY COMMITTEE SUBCOMMITTEE
More information::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Trends
Quarterly Cybersecurity BILT Meeting October 10, 2012 Meeting Minutes ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Trends Stephen
More informationHow Can Central IT Use Cloud Technologies to Revolutionize Remote Store Operation?
SOLUTION BRIEF CA APPLOGIC CLOUD PLATFORM FOR ENTERPRISE How Can Central IT Use Cloud Technologies to Revolutionize Remote Store Operation? agility made possible CA AppLogic combines applications, virtual
More informationSOFTWARE LICENCE MANAGEMENT
SOFTWARE LICENCE MANAGEMENT MANAGING SOFTWARE COMPLIANCE AND COSTS DOESNʼT HAVE TO BE DIFFICULT Software Lifecycle Services from Computacenter Managing software compliance and costs doesnʼt have to be
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationThe GlobalCerts TM SecureMail Gateway TM
Glob@lCerts PRODUCT OVERVIEW: The GlobalCerts TM SecureMail Gateway TM Automatic encryption and decryption is unique to the SecureMail Gateway. The GlobalCerts SecureMail Gateway is based on a network
More informationCloud Computing Security Issues
Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,
More information5 Reasons Your Business Needs Network Monitoring
5 Reasons Your Business Needs Network Monitoring Intivix.com (415) 543 1033 5 REASONS YOUR BUSINESS NEEDS NETWORK MONITORING Your business depends on the health of your network for office productivity.
More informationHow To Develop An Application
What is Application Lifecycle Management? David Chappell Sponsored by Microsoft Corporation Copyright 2014 Chappell & Associates Defining application lifecycle management (ALM) isn t easy. Different people
More informationState of Medical Device Development. 2015 State of Medical Device Development seapine.com 1
State of Medical Device Development 2015 2015 State of Medical Device Development seapine.com 1 Table of Contents Executive Summary.... 3 Key Takeaways...3 Industry Trends... 4 Impediments to Innovation....4
More informationI. Beware of Conflicting Interests 3. II. The Nature of the Home Inspection Profession 5
I. Beware of Conflicting Interests 3 Agent vs Buyer regarding Choice of Inspector 3 3rd Party Code Inspectors on Builder s Payroll 3 Termite Inspectors 4 II. The Nature of the Home Inspection Profession
More informationIngredients of a European business model for certification of EHR systems
Ingredients of a European business model for certification of EHR systems The demographics Health funding impacted by global financial crisis Population expansion volume impact The aging non-working sector
More informationLouis Gudema: Founder and President of Revenue + Associates
The Interview Series - Presented by SmartFunnel Interviews of Sales + Marketing Industry Leaders Louis Gudema: Founder and President of Revenue + Associates PETER: Hello folks this is Peter Fillmore speaking.
More informationDepartment of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS
Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS 1. Purpose This directive establishes the Department of Homeland
More informationSubject: Public Key Infrastructure: Examples of Risks and Internal Control Objectives Associated with Certification Authorities
United States Government Accountability Office Washington, DC 20548 August 10, 2004 The Honorable Tom Davis Chairman, Committee on Government Reform House of Representatives Dear Mr. Chairman: Subject:
More informationCloudDesk - Security in the Cloud INFORMATION
CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES
More information{Moving to the cloud}
{Moving to the cloud} plantemoran.com doesn t mean outsourcing your security controls. Cloud computing is a strategic move. Its impact will have a ripple effect throughout an organization. You don t have
More informationPolicy Driven Continuous Software Intellectual Property Management
Policy Driven Continuous Software Intellectual Property Management DETECT LOG IDENTIFY REPORT Session # 227 Tuesday 13:30 Room 207 Richard Mayer Protecode Inc. mayer@protecode.com Come see us at Pedestal
More informationThe Game of Hide and Seek, Hidden Risks in Modern Software Development
The Game of Hide and Seek, Hidden Risks in Modern Software Development SESSION ID: ASEC-R02 Ryan Berg CSO Sonatype @ryanberg00 Agenda The changing dynamics surrounding application security Why this is
More informationHomeland Open Security Technology HOST Program
Homeland Open Security Technology HOST Program Informational Briefing August 2011 Sponsored by: U.S. Department of Homeland Security Science and Technology Directorate Implemented by: Open Technology Research
More informationPattern Insight Clone Detection
Pattern Insight Clone Detection TM The fastest, most effective way to discover all similar code segments What is Clone Detection? Pattern Insight Clone Detection is a powerful pattern discovery technology
More informationTop 5 Mistakes Made with Inventory Management for Online Stores
Top 5 Mistakes Made with Inventory Management for Online Stores For any product you sell, you have an inventory. And whether that inventory fills dozens of warehouses across the country, or is simply stacked
More informationGPL, MIT, BSD, GEHC (and me)
GPL, MIT, BSD, GEHC (and me) Introduction to Open Source Therese Catanzariti author reproduce literary employer COPYRIGHT OWNER commission work for hire has the exclusive right to distribute prepare derivatives
More informationTowards a Next- Generation Inter-domain Routing Protocol. L. Subramanian, M. Caesar, C.T. Ee, M. Handley, Z. Mao, S. Shenker, and I.
Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M. Handley, Z. Mao, S. Shenker, and I. Stoica Routing 1999 Internet Map Coloured by ISP Source: Bill Cheswick,
More informationAudio: This overview module contains an introduction, five lessons, and a conclusion.
Homeland Security Presidential Directive 12 (HSPD 12) Overview Audio: Welcome to the Homeland Security Presidential Directive 12 (HSPD 12) overview module, the first in a series of informational modules
More informationThe reality was that my client didn t know what the search firm was doing, or if what they were doing was working.
INTRODUCTION WHY LISTEN TO ME? My client paid us thousands of dollars in consulting fees to take a deep dive into the marketing program of their existing search firm and assess whether or not their high
More informationThe Benefits of Equip-Soft CRM, an Industry- Specific Software Provider
Equip-Soft Whitepaper Series: REPORTING IN THE EQUIPMENT DISTRIBUTOR SPACE: The Benefits of Equip-Soft CRM, an Industry- Specific Software Provider The bottom line is when companies work with Equip-Soft
More information2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed.
Purpose and Scope The purpose of this policy is to define the roles and responsibilities on implementing the Homeland Security Presidential Directive 12 (HSPD-12) Logical Access Control (LAC) throughout
More informationDeveloping Business with the Federal Government through the GSA Schedules Program
Developing Business with the Federal Government through the GSA Schedules Program The Washington Management Group 1990 M Street NW Suite 400 Washington DC 20036 June 2008 hen traveling in a foreign country,
More informationJ David Hester (david.hester@lcgsystems.com), Randy Saeks (rsaeks@gmail.com) & Han Su Kim (hkim823@gmail.com)
MDM Solutions Strengths, Weaknesses, Obstacles, Solutions J David Hester (david.hester@lcgsystems.com), Randy Saeks (rsaeks@gmail.com) & Han Su Kim (hkim823@gmail.com) Nick McSpadden (nick.mcspadden@sacredsf.org)
More informationIs Cloud Computing Inevitable for Lawyers?
Is Cloud Computing Inevitable for Lawyers? by Sharon D. Nelson and John W. Simek 2015 Sensei Enterprises, Inc. Not a single day goes by when you don t hear something about cloud computing. It could be
More informationBest practices for protecting network data
Best practices for protecting network data A company s value at risk The biggest risk to network security is underestimating the threat to network security. Recent security breaches have proven that much
More informationThe Business Value of a Comprehensive All-in-One Data Protection Solution for Your Organization
The Business Value of a Comprehensive All-in-One Data Protection Solution for Your Organization You have critical data scattered throughout your organization on back-office servers, desktops, mobile endpoints
More informationARCHITECT S GUIDE: Mobile Security Using TNC Technology
ARCHITECT S GUIDE: Mobile Security Using TNC Technology December 0 Trusted Computing Group 855 SW 5rd Drive Beaverton, OR 97006 Tel (50) 69-056 Fax (50) 644-6708 admin@trustedcomputinggroup.org www.trustedcomputinggroup.org
More informationOdyssey Access Client FIPS Edition
Odyssey Access Client FIPS Edition Data Sheet Published Date July 2015 Product Overview The need today is greater than ever to ensure that systems are securely configured. Government agencies and secure
More informationOlder savers report: the impact on older people of savings accounts where interest rates have dropped from their initial rate to negligible amounts
All Party Parliamentary Group for Ageing and Older People Older savers report: the impact on older people of savings accounts where interest rates have dropped from their initial rate to negligible amounts
More informationGAO FEDERAL PROPERTY DISPOSAL. Information on DOD s Surplus Property Program
GAO United States General Accounting Office Testimony Before the Subcommittee on Government Management, Information, and Technology, Committee on Government Reform and Oversight, House of Representatives
More informationDIGITAL LEARNING ENVIRONMENT NETBOOK PROGRAM. Frequently Asked Questions
DIGITAL LEARNING ENVIRONMENT NETBOOK PROGRAM Frequently Asked Questions This set of questions and answers is designed to provide parents and students with answers to commonly asked questions about the
More informationThe Ultimate Small Business Guide To Setting Up A Work From Home Or Remote Network Access System For Your Staff
The Ultimate Small Business Guide To Setting Up A Work From Home Or Remote Network Access System For Your Staff Critical Facts And Insider Secrets Every Business Owner Must Know Before Installing A 'Virtual
More informationTransforming the Marketplace: Simplifying Federal Procurement to Improve Performance, Drive Innovation, and Increase Savings
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 OFFICE OF FEDERAL PROCUREMENT POLICY December 4, 2014 MEMORANDUM FOR CHIEF ACQUISITION OFFICERS SENIOR PROCUREMENT
More informationThe role of standards in driving cloud computing adoption
The role of standards in driving cloud computing adoption The emerging era of cloud computing The world of computing is undergoing a radical shift, from a product focus to a service orientation, as companies
More information