I went to an open source conference Dec 11-12 2007, with talks by
Bill Vass, COO of Sun (http://en.wikipedia.org/wiki/Bill_Vass), David A Wheeler (http://www.dwheeler.com), John Weatherby of OSSI (http://oss-institute.org/), Terry Bollinger of MITRE (http://terrybollinger.com/), and representatives of the GSA, the US Army (including Brig Gen N. G. Justice), US Air Force, and several other commercial companies such as Unisys, BearingPoint, Palamida.
Here are some notes in random order:
Must use OS for the increasingly complicated ("exploding")
software/lines of code in communication systems. Systems involve more
data, more "horsepower", and more functionality.
Embedded systems (1998? jet avionics has 1.7M lines
of code, bluray dvd has 8M lines of code) are getting more
and more complex. Proprietary systems
cannot be reused by another contractor, leading to "vendor lock", nor can
they be improved, modified, or debugged. All software requires
maintenance and debugging. OSS shares the cost of maintenance.
Fundamental Principle (Software security): Open design principle is the
statement that any protection mechanism must not depend on attacker
ignorance.
OSS obeys this principle ("security by obscurity isn't").
Terry Bollinger, MITRE:
Use of FOSS in DoD is greatest in intfrastructure support
(network, ...) software development (C, C++, ...), security
(operating systems, cyberattack response, ...), research (math
software, ...). Report at http://www.terrybollinger.com
Anthony Gold (Unisys):
anthonygold.blogspot.com
LZW ( a compression system used by gif) was discovered at
unisys. This is how not to start OS.
OSS is a 20 billion/yr and growing at 20% (Unisys data)
CIO Conundrum:
- IT budgets declining
- most dollars spent on maintainance
- moe accountability
- more demands for new features
- lots of legacy code
- users demand more access
OSS is a great soln
Future of OS adaption, M Tolliver Palamida
OSS- sf.net has > 156K projects.
800K developers (average yrs experience is 11, age is 30)
OSS is very common - even in proprietary systems. Typically
50% of closed source systems is actually open source.
Usually this is unknown to the company writing the software itself.
Why should the taxpayer pay for compression utility over and over?
Software needs to be tracked just like any other supply chain.
Issues - policy, education, transparency, complicance.
Bill Vass, Pres COO Sun
Open systems refer to standards (ask what standards they use and who
maintans those standards)
Open source refers to OSI license (ask whick one)
You want both.
Security through obscurity isn't (this of the Trojan horse - what if the
enemy inside was visible?).
Number 1 reason why IT profs, govt agencies, education insts use OSS?
Security. TCO is number 2.
Percentage of US busineses using OSS: 87%
Every sun product is OS or will be - even hardware. Sun requires *signed*
contributor agreements.
Sun spent 404M dollars on linux (more on OSS products)
OSS is ready for primetime - think gogle, yahoo,
ebay, sun, banks (mysql), ...
Organizations can save millions of dollars using OSS. Use
indemnified providoes like Sun.
Stay away from proprietary extensions. Look carefullly at support costs.
(Think of bottled water as an analogy.)
OSS is *not* about training and it's about change management.
"Scale of problem indicates you must use, OS to obtain security
and functionality." Dewey Houch, CTO, Boeing.
"You cannot retain the intellectual talent to maintain a closed-source
system to solve all problems."
David Wheeler, IDA
Vendor lockin is a security problem!
Open design improves security.
Bruce Schneier: "demand OSS for anything related to security".
Whitfield Diffie: "it's simply unrealistic to depend
on secrecy for security".
Borland - Interbase/Firebird database program was closed source
and had a backdoor (a login and password which would allow any
user access). It was not paking a profit, so released as
open source. Within 5 months, this security problem was
discovered and fixed!
http://www.dwheeler.com/oss_fs_eval.html
Wednesday, December 19, 2007
Subscribe to:
Posts (Atom)
Blog Archive
-
►
2008
(12)
- ► 05/25 - 06/01 (1)
- ► 04/13 - 04/20 (1)
- ► 03/30 - 04/06 (1)
- ► 03/23 - 03/30 (2)
- ► 03/16 - 03/23 (3)
- ► 03/02 - 03/09 (1)
- ► 02/17 - 02/24 (1)
- ► 02/10 - 02/17 (1)
- ► 01/27 - 02/03 (1)
-
▼
2007
(20)
- ► 12/30 - 01/06 (1)
- ► 12/09 - 12/16 (2)
- ► 12/02 - 12/09 (1)
- ► 07/29 - 08/05 (1)
- ► 07/22 - 07/29 (1)
- ► 07/15 - 07/22 (1)
- ► 06/24 - 07/01 (1)
- ► 06/03 - 06/10 (2)
- ► 05/20 - 05/27 (4)
- ► 04/15 - 04/22 (2)
- ► 04/08 - 04/15 (2)
- ► 04/01 - 04/08 (1)