Open Source In the DoD
Dawn Meyerriecks, Chief Technology Officer, Defense Information Systems Agency, (703) 882-1000

2 DoD Definition: Open Source Software
Software such that the source code is publicly available and others may modify and redistribute it

3 DoD Use of Open Source Software
Survey conducted in March, 2002 identified four main categories of open source software usage:
– Infrastructure support
– Software development
– Security
– Research

4 Why is Open Source Important?
Open source products are deeply embedded in the DoD
– Apache - Over 60% of the web pages on the World Wide Web are presented via Apache.*
– TCP/IP - The underlying basis of the Internet; its creation was funded by DoD.
– Sendmail - Moves mail from one machine to another; carries nearly 90% of e-mail traffic.*
– Linux - Unix-like operating system with over 18 million users.*** Widely used to support Apache, TCP/IP, and Sendmail services.
– Perl - An open-source-only programming language that is widely used to make web pages "smarter"
Open source development is widespread and international
– SourceForge.org - 77,000 projects and 804,000 registered users
Open source processes extensible to DoD challenges
– DoD adopting "community source process" based on CollabNet framework for Next Generation Core Enterprise Services
* O'Reilly, Tim, Linux eSeminar Series,
** O'Reilly and Esther Dyson, "Open Mind, Open Source."
*** The Linux Counter

5 Concerns With Using Open Source Software
DoD Senior Leadership Solicited Comments from Defense and Industry
Concerns raised:
1) Exposing Vulnerabilities
2) Introduction of Trojan Software
3) Capture of Software by GPL Licenses
DoD Funded Study to Examine Reliability and Security Claims of "Both Camps"

6 Reliability and Security: Better or Worse?
Attributes of the Study:
(1) Questions to be Answered
– Defect rate/Defect repair time?
– Availability of the product?
– Vulnerabilities/Resolution time?
– Criticality of the vulnerabilities?
(2) Utilize Existing Systematic Studies of the Questions
Separate Tightly Held "Philosophy" from Solid Research
– "Open source is more secure"… because it is more rigorously reviewed
– "Proprietary software is more secure"… because access to code is limited
(3) Consider Confounding Factors
– Skill of the individual programmers
– Corporate policies and priorities
– Market share/exposure
– Proliferation of versions (in both open source and proprietary software)

7 Reliability and Security: How Much Solid Data Exists?
Major Studies
(1) "Fuzz Revisited", B.P. Miller, University of Wisconsin, 1995
(2) "An Empirical Study of the Robustness of Windows NT Applications Using Random Testing", J.E. Forrester, 2000
(3) ZDNet 10-month reliability test: Red Hat Linux, Caldera Systems OpenLinux and Microsoft's Windows NT Server 4.0
(4) Bloor Research 1 year test of Linux vs NT, 1999*
(5) Syscontrol AG website uptime survey of 100 popular Swiss sites, Feb
(6) SecurityFocus, Linux vs NT vulnerability counts, August 2001
(7) Reasoning Characterizations, On-Going, Multiple Products
Bottom line: Some useful comparisons exist case-by-case, but there is a lack of solid data to support a single position

8 Security and Reliability Conclusions
General Proprietary-versus-Open Source Discussions for Security or Reliability Reflect POOR Software Engineering Practice
NO Substitute For:
(1) Well-Structured Development Process
– For Proprietary/Government developed: Software Engineering Institute Capability Maturity Model Certification, or other process maturity methods (e.g., Agile)
– For OSS: "Two Case Studies of Open Source Software Development: Apache and Mozilla", Mockus, Fielding, Herbsleb, 2002
(2) Security Savvy Programmers with Clear Objectives
– Berkeley Unix System Development (especially the OpenBSD example)
– Microsoft Longhorn? (via renewed emphasis on security in Microsoft)

9 May 28, 2003 Memo OSS in DoD
OSS Must Comply with all Applicable DoD Software Policies
– Includes National Security Telecommunications and Information Systems Security Policy Number 11

10 Conclusions
Use the Right Tool for the Job
– Handle OSS and Proprietary Software Appropriately
Practice and Preach Responsible Systems and Software Engineering Discipline
– Avoid "Hype", "Philosophical Camps"
– Base Tool Selection on Applicable System Engineering Disciplines and "Real" Data
– Encourage Academia and Industry to Continue to Characterize/Evolve Sound Engineering Practices and Products/Services

11 Questions