Category Archives: Papers

Opticks

Opticks is an image and video analysis tool that grew out of the USAF COMET program. It was created for the USAF by Ball Aerospace and subsequently released under the LGPLv2 license in 2007. You can learn more about how this project successfully started their community in this slide show:

Proposed Guidelines for Open Government Plans

Open Source for America (OSFA) represents more than 1,600 businesses, associations, non-governmental organizations, communities, and academic/research institutions who have come together to support and guide federal efforts to make the U.S. Government more open through the use of free and open source software. We applaud the Obama Administration’s Open Government Initiative and the December 8th Directive requiring all federal agencies to promulgate Open Government Plans. We offer the following recommendations for essential elements that belong in every Open Government Plan:

PARTICIPATION

Citizens should have opportunities to meaningfully participate in their government’s work. This means that the government should actively solicit citizen input in its solicitations and internal rule-making. Open Source for America believes that open source software is an invaluable resource to agencies as they accomplish their mission. There is also a tremendous opportunity to capture the innovation and ingenuity of government employees, who have the means to create their own tools to make themselves more effective, rather than waiting for a cumbersome and unresponsive procurement process. Open source software is, in fact, the most concrete form of participation available to the government’s constituents and its employees.

Government agencies should be reminded that in almost all cases, open source software meets the definition of commercial computer software and shall be given appropriate statutory consideration in accordance with US Law (see 10 USC 2377 – reference (b) and FAR 2.101(b), 12.000, 12.101-reference (c)).

Agencies should provide a means to receive unsolicited suggestions for free and open source software tools and software that can help them accomplish their missions.

Agencies should encourage competitive bid reviews for procurements and clearly identify and explain all sole-source procurement decisions on the agency website.

Agency procurement rules should explicitly reject preferences for development models.

Agencies should publish lists of “approved products,” including open source software and open data, available for agency procurement, where they exist.

Agencies should have a mechanism for efficiently responding to public input through online sources.

Agencies should formally define open standards to ensure that they are unencumbered, and give preference in procurements to implementations of such open standards where they exist. The OSI open standards definition provides the requisite starting point: http://opensource.org/osr

COLLABORATION

Collaboration between an agency and its constituents is often conducted through comments on proposed rule-making and advisory councils. Open Source for America believes that while citizen participation is important, a deep and ongoing collaboration with its constituents helps an agency become more responsive and accountable to them. Open Source for America believes that free and open source software provides a concrete and immediate means for an agency to work with its constituents.

Agencies should use community-promoting online tools, such as wikis, forums and social media, to solicit public input and feedback on policy and procurement.

Agencies should encourage federal employees and contractors to participate in open source software development initiatives where such efforts contribute to the government mission.

Agencies should have policy guidance promoting the identification and removal of any improper barriers to the agencies’ effective development and use of open source software.

Agencies should facilitate the sharing of software source code and associated design documents across each agency and with the public, as has been done with forge.mil at the DOD.

Agencies should have policies encouraging and clarifying the circumstances permitting the sharing of software code, code fixes and code enhancements with the larger community, as has been done with NHIN Connect at HHS and Virtual USA at DHS.

TRANSPARENCY

Open Source for America strongly believes that a more transparent government is more efficient and accountable to its constituents. Under the Open Government Directive, transparency means the prompt release of government documents and data to the Internet. Such releases increase accountability, and also provide a tremendous opportunity for innovation and entrepreneurship. Open data from the National Weather Service, for example, has created a multi-billion dollar weather forecasting industry. We believe that transparency can be much more. Open tools, like open data, can spur innovation, increase accountability, and make the government more efficient.

Agencies should make taxpayer-funded source code available to the public and other agencies, as DISA has done with its Open Source Corporate Management System and DOE with distributed computing and energy estimation source code.

Agency budget and procurement details should be clearly published on public web sites and easily downloaded.

Agencies should conduct regular reviews of classified and non-classified materials, including software, to encourage declassification wherever possible, and restrict access only by exception.

Published content should be digitally signed or include attestation of publication/creation date, authenticity and integrity.

Agencies should publish on their websites private sponsorships for fact-finding trips and receipt of all free “product samples,” goods or services received from outside parties related to software manufacturing or procurement.

Agencies should publish on their websites logs that inform the public of ex parte policy discussions and would-be vendor solicitations.

Agencies should use and accept open file format standards for all external communications including when seeking public input or announcing agency policy.

All agency publications and data should be distributed in royalty-free or non-patent-encumbered formats, regardless of what other formats the data and publications are available in.

OSFA Refutes IIPA’s Attack on Open Source Software

In February 2010, the International Intellectual Property Association (IIPA) asked the U.S. Trade Representative (USTR) to put Indonesia, Brazil, India, the Philippines, Thailand and Vietnam on its “Special 301” watch list in part because of their policies encouraging the adoption of open source software (OSS) by government agencies.

Open Source for America (OSFA) believes the IIPA’s request to be both irresponsible and misleading in its characterization of OSS. OSFA strongly urges the USTR, and all government agencies, to firmly reject such unfounded pressure to blacklist or penalize any country for policies allowing or encouraging the use of OSS.

OSFA is a coalition that encourages broader U.S. federal government support of and participation in open source technologies. OSFA includes a diverse cross-section of technology industry leaders, associations, non-governmental organizations, academic/research institutions and communities.

Regarding Indonesia’s open source procurement policy, the IIPA states:
Rather than fostering a system that will allow users to benefit from the best solution available in the market, irrespective of the development model, it encourages a mindset that does not give due consideration to the value to intellectual creations. As such, it fails to build respect for intellectual property rights and also limits the ability of government or public-sector customers (e.g., State-owned enterprise) to choose the best solutions to meet the needs of their organizations and the Indonesian people. [note: emphasis added]

The allegations that OSS is not an intellectual creation, or that using or preferring open source software means that one does not respect intellectual property rights are fundamentally false and misleading. OSFA believes the IIPA’s statement disregards the following points:

Open source is intellectual property. OSS is licensed, and at its core depends upon and promotes the greatest possible respect for copyright. Users must have a license from the copyright holder before they can obtain a copy of software to run on their system. Authors of OSS exercise and celebrate their intellectual property rights by generally allowing users the freedom to redistribute, copy, and/or modify the code under a specific OSI-approved license.

Open source software encourages market competition. By its very nature, the source code of OSS is available to all, meaning that any company can build upon the software for its own offerings. It can be maintained and updated by any vendor who chooses to enter that market. As such, OSS reduces barriers to both entry and exit into the marketplace for all vendors. In this way, a policy such as Indonesia’s encourages greater innovation and competition, quite the opposite of the IIPA allegations that it “denies many legitimate companies access to the government market.”

Furthermore, U.S. based companies are leading providers of the open source solutions that are being leveraged by governments globally. U.S. based vendors have supplied the solutions behind the new WhiteHouse.gov and other initiatives (e.g., HHS’ NHIN Connect, DHS’ Virtual USA, NASA’s Nebula Cloud, VA’s VISTA and the just announced 311 Open Source in San Francisco, Los Angeles and Boston) being successfully pursued by the Obama Administration.

Open source software use is growing at all levels of U.S. government. OSS is being leveraged to great advantage in the intelligence, military, and civilian sectors of the U.S. federal government as well as various state and local governments, including Vermont and California. The U.S. Department of Defense issued a guidance memo in October 2009 outlining the positive aspects of OSS that should be considered when conducting market research on software for Department use.

Some of the benefits noted in the memo include:
The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team.
The unrestricted ability to modify software source code enables the Department to respond more rapidly to changing situations, missions, and future threats.
Reliance on a particular software developer or vendor due to proprietary restrictions may be reduced by the use of OSS, which can be operated and maintained by multiple vendors, thus reducing barriers to entry and exit.
Open source licenses do not restrict who can use the software or the fields of endeavor in which the software can be used. Therefore, OSS provides a net-centric licensing model that enables rapid provisioning of both known and unanticipated users.
By sharing the responsibility for maintenance of OSS with other users, the Department can benefit by reducing the total cost of ownership for software, particularly compared with software for which the Department has sole responsibility for maintenance.
OSS is particularly suitable for rapid prototyping and experimentation, where the ability to “test drive” the software with minimal costs and administrative delays can be important.

Quotes:
The U.S. Trade Representative (USTR) should not penalize any country for policies allowing or encouraging the use of open source software. Such pressure is based on unfounded claims that open source software weakens intellectual property and the software industry. Not only are such claims untrue, but our own state and federal government departments increasingly use open source software and contribute to open source projects. Open Source for America calls on the USTR to reject the statements of the IIPA and to refuse to place any country on the “Special 301” watch list because of their adoption and support of open source software.
Terri Molini, founding member, Open Source for America

The position taken by IIPA is unbalanced. It relies on outdated definitions, special interests and a fear of innovation and new business model opportunities. It blends them together to abuse an outdated mechanism of the US government with a condemnation that applies to the US itself. America has a role in defending free markets around the world. The IIPA’s stance does not support that role, and should not be respected.
Michael Tiemann, president of OSI Board

German Federal Institute for Geosciences and Natural Resources (BGR)

Ingres Corporation is helping the German Federal Institute for Geosciences and Natural Resources (BGR) in its global monitoring of earthquakes, including the 7.9 magnitude earthquake that struck China’s Sichuan Province on May 12, 2008. The Ingres Database, a leading enterprise open source database, is the backbone of BGR’s Earthquake Monitor System (ERMOS), which is used to track real-time information on earthquakes in China, Germany, Europe, and around the world. Recent data from the monitoring of the China earthquake can be accessed here. In addition, the system also monitors compliance with the Comprehensive Nuclear Test Ban Treaty (CTBT), a prohibition of all forms of nuclear testing underground, underwater, and in the atmosphere.

Despite technological advancement in earthquake monitoring, today it is still nearly impossible for scientists to forecast when and where an earthquake might occur. Even though warning systems are in place in many of the regions most threatened by earthquakes, at present they are still only able to sound the alarm seconds after the event. For this reason, collection of the relevant seismological data is crucial so that it can be made available to research and scientific organizations across the globe. The BGR has historical data on earthquakes dating back to 800 AD, as well as metadata on more than two million seismological events, and the database continues to grow.

The BGR migrated to an Ingres open source database in 2007. The open source business model of the Ingres database brought the institute flexibility and cost savings. In addition, the BGR relies on a double support service – from active Ingres user groups that exchange ideas and tips, as well as from Ingres itself through its comprehensive support services.

Fast access to data and permanent availability are two of the key requirements for successful operation of the BGR. As a government agency commissioned to monitor and ensure compliance with the CTBT, the BGR must ensure a minimum 98 percent availability of data at all times. The International Monitoring System (IMS) has 321 monitoring stations around the world that monitor adherence to the CTBT. The BGR is responsible for operating four of these highly sensitive listening posts and assumes the role of a national data center (NDC). The institute acts as expert advisor to the federal government and the CTBT organisation in Vienna.

About the Federal Institute for Geosciences and Natural Resources (BGR)

The Federal Institute for Geosciences and Natural Resources (BGR) is the geoscientific centre of excellence within the federal government and is part of its scientific and technical infrastructure. As a Federal Regulatory Authority it is accountable to the Federal Ministry of Economics and Technology. The BGR provides neutral and independent advice and information on all geoscientific and natural resource issues. In this way it supports the following Federal Government objectives for:

* stimulating economic development,
* long-term protection and improvement of the quality of life,
* enhancing scientific and technical expertise.

These tasks are divided into three main categories: Natural Resources and Georesources, Geosafety and Geoscientific Cross-Sectional Functions. For further information, click here.

The NSA’s Security Challenge

Using open source software, the National Security Agency was able to gather a community of professional and amateur security experts together to make unprecedented security protections available to the public.

The National Security Agency has a mission. It is not just the nation’s code keeper and code breaker, but it must ensure the security of the nation’s digital infrastructure. Ironically, it had a security problem: the ecosystem for software that was keeping top secret information secret was deeply broken. There was little competition, no innovation and this essential software was expensive, slow to market, and antiquated.

Multi-Level Security, or MLS, is a complex problem: how to allow data with many different security classifications to exist on the same machine? MLS software is difficult to get right, and easy to get wrong. It is subject to a stringent certification process. There’s only one customer for this kind of software: government. Once you’ve deployed MLS software, it’s very difficult to move to another solution as every MLS system was different. These are near-perfect conditions for very expensive, proprietary software that doesn’t innovate.

The NSA found it was spending too much money to acquire software that was quickly obsolete. It was dependent on a handful of companies who had every reason to lock the NSA into their platform. What’s worse, the private sector had no ready access to this technology that could be enormously helpful in the war against hackers and viruses.

Stephen Smalley at the NSA had a new approach. He knew that if he could solve the MLS problem with open source software, it would simultaneously reduce the cost of the software, open the field to new innovations, and make the technology available to the private sector. In one stroke.

So Smalley and his team did something unprecedented: they took their proof of concept and released it to the world as a project called SELinux. It began as a set of changes to the open source Linux operating system, but soon it was completely integrated. What was once expensive and proprietary was now available to millions of Linux users and developers at no charge.

At first glance, this may seem strange. Detractors of the SELinux project warned that this software must have backdoors that would give the NSA access to their computer systems. Others claimed that an open source security project could never be secure, since anyone could see where the flaws might be.

After careful scrutiny — scrutiny on a scale that was only possible because the software was open — it was quickly determined that SELinux had no backdoors. Likewise, the NSA knew that the best way to ensure the security of the software was to make it open and available to anyone’s scrutiny. They knew that software is never perfect, and the most effective strategy for identifying and quickly fixing security problems is to make sure that anyone can find the flaws, and anyone can provide a fix.

The SELinux project now has a life of its own. There’s a broad community of developers working on new SELinux features and improvements. A number of companies now provide consulting and development services around SELinux. The SELinux project has created a market for very sophisticated and complex software, which is exactly what the NSA needed.

Millions of Linux users now protect themselves from attack with SELinux, dramatically improving the security of computer systems around the world. Healthcare companies can now use sophisticated security measures to protect personal health records and meet the government-mandated HIPAA requirements.

Open source software creates markets. It spreads innovation, and harnesses the collective intelligence of every member of the community. Without open source, the NSA would still be saddled with expensive and antiquated MLS systems. That’s the power of open source software: we can do more when we work together.