The Open Security Technology program at DHS can help with stuff like Heartbleed. They're underfunded.
FedRAMP is how clouds will be authorized for use in the Federal government. With it, the government can authorize a cloud for use just once, instead of forcing each agency to authorize the same cloud over and over. The FedRAMP program office published a CONOPS document, which sketches out how everything will work. It's tedious. … Continue reading FedRAMP for the impatient.
“A collaborative, analysis-based approach that leverages the implementation of robust enterprise governance, cross-enterprise portfolio governance, together with segment enterprise architecture, is imperative to ensuring IT efficiently and effectively supports the mission and business functions of a government agency,” DHS Chief Information Officer Richard Spires told a House committee on Friday morning (full transcript below). “A … Continue reading The Open Source Shared First Opportunity: > $1.2 Billion
The adorably named "Snort" project has been the mainstay of open source intrusion detection systems for as long as I can remember. The success of Snort and its commercial wing, Sourcefire, is one of the early successes of open source, especially in security. On July 5th, the Open Information Security Foundation, a consortium of companies and … Continue reading Open Source Pork