Government

Submission + - Military enlists open source community (networkworld.com)

jmwci1 writes: "The U.S. Defense Department is enlisting an open source approach to software development — an about-face for such a historically top-down organization.

In recent weeks, the military has launched a collaborative platform called Forge.mil for its developers to share software, systems components and network services. The agency also signed an agreement with the Open Source Software Institute to allow 50 internally developed workforce management applications to be licensed to other government agencies, universities and companies."

Comment Re:Please list the LibTom projects in question . . (Score 2, Informative) 51

From the Too-much-information-for-those-who-do-not-wish-to-hear-it file:

The DoD policy which requires the FIPS validation process for programs such as OpenSSL is the National Security Telecommunication and Information Systems Security Policy Number 11 (NSTISSP No. 11). Overview can be found here: http://www.enpointe.com/security/pdf/nstissp11_factsheet2.pdf

In short, it states that for govt/DoD to purchase/acquire any Information Assurance (IA) or IA-enabled products, they must pass through the appropriate validation process (Federal Information Processing Standards-FIPS, or Common Criteria-CC).

On a technical side, the validation process only verifies that the product performs as designed/advertised. It simply verifies or validates the product's claims.

From an acquisition/implementation side, it is critically important because it is "required" if a product is to be used within specified DoD systems. It is the check in the box which even allows a product to be openly considered within these stringent environments.

Does this mean that there are such programs running inside DoD/govt environments which have not gone through such validation efforts...sure there are. Until now, OpenSSL was one of those products.

But, to promote and encourage the open adoption of open source programs, such as OpenSSL or Linux (of which both RH and SuSE have passed through CC), then they must pass through the same tests as other similar (most of the time proprietary) product offerings. We (in the Open Source Community) talk about wanting a "level playing field," well this is part of that process of achieving it. A level playing field is a two-edged sword, so if that's what you want, which we do, then you've got to take the challenges along with the opportunities. Those are the rules.

regards,
jmw
