What "open source first" really means for a government agency.
If you're selling software, or working on an open source project that might be used by the government, there's a lot of homework you can do to make things easier for everyone. I get asked about this a lot, so I made this list.
The MeriTalk "PaaS or Play" study says 70% of Federal agencies are considering PaaS, and 40% expect to be using it in the next three years. That's great for PaaS, and great for OpenShift, my company's PaaS... but it's a little strange. We think of PaaS as something developers use, and very few of these … Continue reading PaaS and Three Cruelties of Federal IT
I try to make some sense of Aaron Swartz's and Jodie Lane's deaths.
I'm accustomed to a certain amount of bluster and grim cynicism when I talk to customers. It's a bad time to be running an IT shop these days, especially in government. Even before we meet, my relationship with a customer is already strained: I'm a vendor, and most vendors have only two interests: 1) the … Continue reading IT as Manufacturing
This year, I've been on over 120 airplanes and travelled nearly 100,000 miles. I am on a first-name basis with gate agents. It's been like this for the last seven years. I am perversely proud of it. Here's what I've learned. Marry Your Vendors Don't spread your love around like a strumpet. Pick an … Continue reading How to Travel Like a Neurotic Pro
The dozens of software projects launched in the wake of Google's Bigtable and MapReduce papers have changed the way we handle large datasets. Like many organizations, the NSA began experimenting with these "big data" tools and realized that the open source implementations available at the time were not addressing some of their particular needs. They decided to embark … Continue reading The Accumulo Challenge, Part I
FedRAMP is how clouds will be authorized for use in the Federal government. With it, the government can authorize a cloud for use just once, instead of forcing each agency to authorize the same cloud over and over. The FedRAMP program office published a CONOPS document, which sketches out how everything will work. It's tedious. … Continue reading FedRAMP for the impatient.
The DOD keeps its own catalog of system vulnerabilities, the IAVM. You can think about this as the computer security alerting system for the DOD. If you get an IAVM, it will tell you what the vulnerability is, how critical it is, and if you need to patch it immediately. The rest of the world … Continue reading DISA releases IAVA-to-CVE mapping
This is an expanded version of a document that I wrote for Red Hat internally. I'm now sharing it with all of you because I find myself reciting this information at least once a week. I hope you enjoy it. Please keep in mind that I'm not a lawyer, DAA, or procurement officer. All the … Continue reading A Common Criteria Primer