I don't consider myself a huge cloud promoter, but articles like "Experts: Cloud Brings Vulnerabilities" from Defense News drive me crazy. If you read as many articles about IT as I do, you'll recognize this character: the Reactionary Skeptic. It's great work, if you can get it. I've been guilty of it myself. The formula … Continue reading Federal Cloud and the Reactionary Skeptic
[This is a writeup I did as a companion to the History of Open Source in Government Timeline. Karl Fogel and I will be presenting more findings from the timeline at OSCON this year.] It is difficult to imagine the Federal government moving in one well-coordinated direction on any matter, and so it has been … Continue reading History of Open Source in Government
CFPB recently announced one of the most progressive open source policies in the US government. They reiterated the current OMB and DOD guidance by making open source commercial software, but they also went one step further: code they write is open by default. I am totally impressed. CFPB CIO Chris Willey and his acting deputy … Continue reading Consumer Financial Protection Board Grows the Pie
FedRAMP is how clouds will be authorized for use in the Federal government. With it, the government can authorize a cloud for use just once, instead of forcing each agency to authorize the same cloud over and over. The FedRAMP program office published a CONOPS document, which sketches out how everything will work. It's tedious. … Continue reading FedRAMP for the impatient.
“A collaborative, analysis-based approach that leverages the implementation of robust enterprise governance, cross-enterprise portfolio governance, together with segment enterprise architecture, is imperative to ensuring IT efficiently and effectively supports the mission and business functions of a government agency,” DHS Chief Information Officer Richard Spires told a House committee on Friday morning (full transcript below). “A … Continue reading The Open Source Shared First Opportunity: > $1.2 Billion
Liam Maxwell, Cabinet Office director of ICT futures, said Tuesday in London that open source has grown up and it's time to dispel lingering misconceptions about this technology and development process. Maxwell told the Intellect 2012 conference: “Opensource software is not three guys in a shed anymore. There are a lot of misconceptions about open … Continue reading UK Gov’t: Open Source is the future.
The DOD keeps its own catalog of system vulnerabilities, the IAVM. You can think about this as the computer security alerting system for the DOD. If you get an IAVM, it will tell you what the vulnerability is, how critical it is, and if you need to patch it immediately. The rest of the world … Continue reading DISA releases IAVA-to-CVE mapping
This is an expanded version of a document that I wrote for Red Hat internally. I'm now sharing it with all of you because I find myself reciting this information at least once a week. I hope you enjoy it. Please keep in mind that I'm not a lawyer, DAA, or procurement officer. All the … Continue reading A Common Criteria Primer