GCN calls 2014 the worst year for government open source, and I set fire to London.
This week, Dave and Gunnar talk about Vulcan death grips, death from above, and the death of the open source business model.
On June 3-4, you should be at the Health Datapalooza in DC. On the morning of June 4 at the Westin in DC, I'll be spending the morning with Wyatt Kash at the "Open Path to IT Security Roundtable". I've done one of these for Platform-as-a-Service, and I love it. Having a friendly, relaxed atmosphere … Continue reading This Week: IT Security Roundtable
Dave and Gunnar talk about two-factor, open source health, homomorphism, OpenStack security, and why Dave needs to send flowers to Red Hat Support
A Navy team of computer hacking experts found some deficiencies when assigned to try to penetrate the network of the USS Freedom, the lead vessel in the $37 billion Littoral Combat Ship program, said the official, who spoke on condition of anonymity. – Reuters I have no particular love for the LCS program, but this … Continue reading Shame, Irony, and the Littoral Combat Ship.
Here's a fun experiment: take an open source policy from your agency, company, whatever, and strike out the words "open source". Bam, you now have a much more sensible and reasonable "software" policy. When the OMB and DOD declared open source software to be "commercial software," it wasn't a bureaucratic trick to legitimize open source. … Continue reading Open source software policy is better without open source.
Apparently, Shake it Up, a Disney kids' show, has an over-the-top stereotype nerd dispensing computer security advice: Nerd: Did you use open-source code to save time, and the virus was hidden in it? Stupid: Maybe? Nerd: Rookie mistake. Slashdot will, of course, lose its mind, but the real headline is that open source was mentioned in the first … Continue reading Disney sitcom says open source is insecure
In Part I, we discussed the Senate Armed Services Committee (SASC)'s attempt to hobble the open source Accumulo project in the DOD. They directed the Department's CIO to jump through a number of reporting hoops before Accumulo would be allowed inside the DOD, and directed the Accumulo team to upstream their work into related open source … Continue reading The Accumulo Challenge, Part II
We finally have a draft NIST SP 800-53r4. My lord, this is taking forever. For good reason, but... still. It's to be finalized in July, with comments on this draft due to firstname.lastname@example.org by April 6th. Here are the highlights, in their words since I haven't had a chance to read it myself: Clarification of security … Continue reading NIST SP 800-53r4 now in draft
FedRAMP is how clouds will be authorized for use in the Federal government. With it, the government can authorize a cloud for use just once, instead of forcing each agency to authorize the same cloud over and over. The FedRAMP program office published a CONOPS document, which sketches out how everything will work. It's tedious. … Continue reading FedRAMP for the impatient.