PaaS and Three Cruelties of Federal IT

The MeriTalk "PaaS or Play" study says 70% of Federal agencies are considering PaaS, and 40% expect to be using it in the next three years. That's great for PaaS, and great for OpenShift, my company's PaaS... but it's a little strange. We think of PaaS as something developers use, and very few of these … Continue reading PaaS and Three Cruelties of Federal IT →

US Department of Defense’s public domain archive to be privatized, locked up for ten years

DOD pays a company to digitize its assets, and people come to the wrong conclusion.

Hellekson’s Law: DOD Edition

Dan Risacher of the DOD CIO's office applies Hellekson's Law to the DOD Open Source policy, and I am flattered.

Shame, Irony, and the Littoral Combat Ship.

A Navy team of computer hacking experts found some deficiencies when assigned to try to penetrate the network of the USS Freedom, the lead vessel in the $37 billion Littoral Combat Ship program, said the official, who spoke on condition of anonymity. – Reuters I have no particular love for the LCS program, but this … Continue reading Shame, Irony, and the Littoral Combat Ship. →

Risacher unleashed!

Dan Risacher from the DOD CIO's office is now blogging. Finally.

Acquisition Lifecycle Chart for the DOD

A companion to the certification and accreditation process.

History of Open Source in Government

[This is a writeup I did as a companion to the History of Open Source in Government Timeline. Karl Fogel and I will be presenting more findings from the timeline at OSCON this year.] It is difficult to imagine the Federal government moving in one well-coordinated direction on any matter, and so it has been … Continue reading History of Open Source in Government →

FedRAMP for the impatient.

FedRAMP is how clouds will be authorized for use in the Federal government. With it, the government to authorize a cloud for use just once, instead of forcing each agency to authorize the same cloud over and over. The FedRAMP program office published a CONOPS document, which sketches out how everything will work. It's tedious. … Continue reading FedRAMP for the impatient. →

DISA releases IAVA-to-CVE mapping

The DOD keeps its own catalog of system vulnerabilities, the IAVM. You can think about this as the computer security alerting system for the DOD. If you get an IAVM, it will tell you what the vulnerability is, how critical it is, and if you need to patch it immediately. The rest of the world … Continue reading DISA releases IAVA-to-CVE mapping →

DOD Open Technology Development Guide Released!

The DOD's second Open Technology Development Roadmap has been released: "Open Technology Development: Lessons Learned and Best Practices". It's a handbook for using and making open source in the DOD and the US Government, sponsored by the Secretary of Defense. It provides practical advice on policy, procurement, and good community governance, all under a Creative … Continue reading DOD Open Technology Development Guide Released! →