News
News
11/15/2013
08:00 AM
Connect Directly
RSS
E-Mail
50%
50%

Agencies Widen Open-Source Use

Open-source software programs streamline efforts, improve security, and lower costs.

Federal agencies, looking for new ways to lower their IT costs, are exploiting open-source software tools in a wider range of applications, not only to reduce software costs, but also to tighten network security, streamline operations, and reduce expenses in vetting applications and services.  

The Department of Homeland Security typifies the widening embrace of open-source software. The main reason has to do with saving money, says Greg Capella, DHS deputy executive director, Enterprise System Development Office, Chief Information Officer. The department is applying open-source code internally, not only for its IT infrastructure, but also for mobile applications, he said during the Red Hat Government Symposium in Washington, Nov. 6.

One open-source pilot, called “Car Wash,” is a platform to test the integration of mobile device applications. Capella notes that the pilot will extend beyond the DHS and soon be made available across the federal government. The system has already been presented to the federal CIO Council.

Agencies wishing to deploy Android or iOS-based devices can use Car Wash to look for preferred coding practices in applications and for security holes. “It gives you everything from coding best-practices… to security, [section] 508, and other compliance checks,” he said. The system will test and provide feedback, for instance, about how well the product’s developers have coded an application.

Efforts like Car Wash are one of the ways that the DHS wants to refine how it uses open-source software, Capella explained. The practices used in the pilot program build on open-source software’s strengths as a community-developed product that tends to catch the introduction of security holes while adding capabilities quickly to foundational software, he said.

The DHS is also focused on expanding its cloud capabilities using open-source software. That can be challenging because agencies within DHS often don’t want to compromise on features, Capella said. That’s changing, however, as budgets tighten. “We’re seeing more people willing to compromise and starting to embrace these 80 percent solutions as opposed to solutions that push the envelope.”

[ Find out how to streamline cloud security approvals. Read: FedRAMP Director Discusses Cloud Security Innovation ]

The expanded use of open-source software to streamline capabilities and improve operations can also be seen in the intelligence community, in particular at the National Security Agency.

There is a large amount of duplication involved in information assurance, explains Jeff Blank, a technology and systems analysis/network components director with the NSA’s Information Assurance branch. Much of that duplication is the result of multiple checklists required for vendors’ products at varying security and authorization levels.

Blank is now trying to reduce that duplication by conducting due diligence once with a vendor offering multiple products. Working with Red Hat, NSA set up a project called the Security Content Automation Protocol (SCAP) Security Guide in 2011. It is a hosted catalogue of key security settings for a range of software products such as enterprise Linux. The SCAP Guide also plugs into and cross references products with other security catalogues, such as DISA’s CCI List. He noted that the goal was to allow different enterprise consumers to use security profiles as a guide to selecting the products they needed.

Blank described the SCAP Guide program as a success, noting that it will help reduce the costs of security due diligence in the intelligence community. He also praised the quality benefits of open-source software that result from users working in shared environments and gaining feedback -- a big change from the days of proprietary software. “When [software] is done behind closed doors, you don’t always get the best results,” he said. 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
mo'brien944
50%
50%
mo'brien944,
User Rank: Apprentice
11/17/2013 | 7:44:23 PM
ProjectLibre: open source replacement of Microsoft Project growing government adoption
ProjectLibre just won InfoWorld's "Best of Open Source" award.  ProjectLibre is an open source replacement of Microsoft Project that is available on Linux, Mac or Windows.   The usage on government projects is growing rapidly.   It is great to see the coverage in Information week on open source usage!   http://www.infoworld.com/slideshow/119652/bossie-awards-2013-the-best-open-source-applications-226975#slide11
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.