In DC, Open Source is Just Software… and That’s Good


It was a great pleasure to be involved in organizing last week’s Open Source Industry Day, sponsored by the NSA. In the spirit of the day, I’ve been sworn to secrecy by the event’s other organizer, the Open Source Software Institute, with regard to “how the sausage was made,” but let me just say that the mad scramble leading up to it resulted in a first-class program that received incredible accolades from senior industry and government representatives alike. Many in the federal government are clearly encouraging the use of open source and the (IMHO healthy) attitude seems to be that open source should be viewed in the same light as any other software.

[Image: Maryland National Guard Honor Guard kicks off the day at NSA 2012]

Although the NSA was behind the event, it drew over 650 people from industry and myriad government agencies, perhaps a little weighted to the defense and three-letter-acronym variety. Security was certainly a theme, but the topics discussed were wide ranging, covering all things hot in technology today—big data, cloud, embedded systems, legal issues, and even social media.

John Marshall, CTO for the Joint Chiefs of Staff, kicked off the day by making it clear how important software is to all aspects of our national defense, from the strategic right down to the soldier on the battlefield. In the same way that so many industries today are becoming all about software, so is fighting a war. Marshall’s view is that to keep up, and to do so economically, it’s critical that the government leverage open source, and he was very encouraging of vendors to be involved with OSS. John was quick to bring up the import of managing the associated risks, and just as quick to remind us that there are similar risks with all software.

Charlie Stein, a well-respected program manager from the NSA’s Information Assurance Directorate (whom it was my pleasure to introduce), echoed many of the same themes from the perspective of the intelligence community. On one hand, the NSA is not known for sharing—Charlie made an allusion to the number of personnel in the agency and would only barely indicate the order of magnitude. But when it comes to open source, they get it with regard to the benefits of both consuming and contributing back to the community, while, of course, keeping the secret sauce behind the firewall (no doubt a formidable one). Heck, they essentially put the SE in SELinux (Security Enhanced Linux) and started the big data granular access project Accumulo.

[Image: Phil Odence on Open Source Industry Day Panel]

It was frustrating not to be able to hit all the great panel discussions. The one I ran, which focused on supply chain risk management, was on the main stage and featured a star-studded lineup of experts from the DoD CIO’s office, the Software Engineering Institute, HP, Red Hat, and supply chain specialists Willcor. Our discussion covered pure open source projects like Linux but also multi-source supply chains that lead up to systems supplied by all kinds of vendors. The government consumes and benefits from open source in virtually every system it procures. However the software is licensed, it’s incumbent upon procurement organizations to understand what’s in it and how it was built (the provenance and pedigree, as Charlie Stein emphasized several times) in order to manage the risks.

The implicit, and sometimes explicit message that came throughout the day was, “It’s just software.” And, it seems to me, that sort of level playing field is all the open source community could ask for.

 
