Agencies Widen Open-Source Use - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
11/15/2013
08:00 AM
50%
50%

Agencies Widen Open-Source Use

Open-source software programs streamline efforts, improve security, and lower costs.

Federal agencies, looking for new ways to lower their IT costs, are exploiting open-source software tools in a wider range of applications, not only to reduce software costs, but also to tighten network security, streamline operations, and reduce expenses in vetting applications and services.  

The Department of Homeland Security typifies the widening embrace of open-source software. The main reason has to do with saving money, says Greg Capella, DHS deputy executive director, Enterprise System Development Office, Chief Information Officer. The department is applying open-source code internally, not only for its IT infrastructure, but also for mobile applications, he said during the Red Hat Government Symposium in Washington, Nov. 6.

One open-source pilot, called “Car Wash,” is a platform to test the integration of mobile device applications. Capella notes that the pilot will extend beyond the DHS and soon be made available across the federal government. The system has already been presented to the federal CIO Council.

Agencies wishing to deploy Android or iOS-based devices can use Car Wash to look for preferred coding practices in applications and for security holes. “It gives you everything from coding best-practices… to security, [section] 508, and other compliance checks,” he said. The system will test and provide feedback, for instance, about how well the product’s developers have coded an application.

Efforts like Car Wash are one of the ways that the DHS wants to refine how it uses open-source software, Capella explained. The practices used in the pilot program build on open-source software’s strengths as a community-developed product that tends to catch the introduction of security holes while adding capabilities quickly to foundational software, he said.

The DHS is also focused on expanding its cloud capabilities using open-source software. That can be challenging because agencies within DHS often don’t want to compromise on features, Capella said. That’s changing, however, as budgets tighten. “We’re seeing more people willing to compromise and starting to embrace these 80 percent solutions as opposed to solutions that push the envelope.”

[ Find out how to streamline cloud security approvals. Read: FedRAMP Director Discusses Cloud Security Innovation ]

The expanded use of open-source software to streamline capabilities and improve operations can also be seen in the intelligence community, in particular at the National Security Agency.

There is a large amount of duplication involved in information assurance, explains Jeff Blank, a technology and systems analysis/network components director with the NSA’s Information Assurance branch. Much of that duplication is the result of multiple checklists required for vendors’ products at varying security and authorization levels.

Blank is now trying to reduce that duplication by conducting due diligence once with a vendor offering multiple products. Working with Red Hat, NSA set up a project called the Security Content Automation Protocol (SCAP) Security Guide in 2011. It is a hosted catalogue of key security settings for a range of software products such as enterprise Linux. The SCAP Guide also plugs into and cross references products with other security catalogues, such as DISA’s CCI List. He noted that the goal was to allow different enterprise consumers to use security profiles as a guide to selecting the products they needed.

Blank described the SCAP Guide program as a success, noting that it will help reduce the costs of security due diligence in the intelligence community. He also praised the quality benefits of open-source software that result from users working in shared environments and gaining feedback -- a big change from the days of proprietary software. “When [software] is done behind closed doors, you don’t always get the best results,” he said. 

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
News
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Commentary
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll