Three Quick Open Source in Defense Links (and then one other)

Next week I’ll be participating in the inaugural Military Open Source Software Working Group Conference in Atlanta, Georgia. Open source conferences that focus on the defense market are often salesy, have a dearth of actual developers, and tend toward sartorial blandness – a sea of dark blue suits worn by open source vendor salespeople so they can convince hesitant buyers that their wares are just like the other guys. Look, we even license it by the seat!

This grassroots event, which will be held at the Georgia Tech Research Institute Conference Center, is designed to answer the question raised by those other conferences: “where the geeks at?” It will even have a dress code to match, no suits allowed. There is still space available, so if you are having the kind of ridiculously cool summer that makes August in Atlanta sound appealing, pack your shorts and sandals and head down.

If you aren’t familiar with the defense software space, it buys and builds an immense amount of software. Quite a lot of it is actually pretty cool too because it is designed to solve interesting problems. We’re still waiting for the defense market to have its IBM/Apache moment, but when this market inevitably tips hard into open source the impact is going to be tremendous. Open source methods and licensing will be a conduit for technology transfer from the DoD into commercial use on a vast scale. However, what I think is really cool is the opportunity it will offer for important participation in the other direction.

A couple of projects at the vanguard of this trend that just opened up are FalconView and Open CPI.

FalconView started life as a moving map for USAF mission planning and was already a great example of user innovation in the military. Recently the team at Georgia Tech took the next logical step and open sourced the bulk of the project.

My colleague John Scott (@johnmscott) and his team at Mercury Computer Systems just opened up the distinctly different Open CPI project. Sort of a middleware for FPGAs, it grew out of the signals processing field and, if it picks up community support, should make it simpler to develop and build hybridized hardware platforms for special purpose applications. I’ve written before at Radar about the trend away from pure commodity hardware in areas where performance and energy consumption are a priority. I think projects like Open CPI will contribute to this trend by making the development of specialized platforms more approachable.

This last link isn’t related to open source software except for the fact that Gunnar Hellekson (@ghelleks) of Red Hat pointed me to it. We were chatting over lunch about the epidemiology of virus and vulnerability propagation and the fact that the removal term is too low to keep populations small. All too often, once a system on the network (whether in the enterprise or at the home) is infected, it stays infected until it is removed from the network (and, hopefully, responsibly recycled) sometime after it has been fully depreciated.

Furthermore, in a large enterprise with as many as millions of machines to deal with, it is simply impossible to manage the process of consistently hardening machines to prevent infection in the first place. If Population = (rate of infection – rate of removal)*t, you can see that these two issues conspire to help the bot herders and other nefarious characters keep populations large.

To deal with the second problem (and perhaps someday enable a solution to the first) NIST has been developing the Security Content Automation Protocol (SCAP). Basically it is an extensible XML schema for defining the hundreds of security configuration parameters and their values that need to be managed. Once defined and rolled into profiles, agents running on various platforms can implement the profiles automagically. In DoD parlance, this means that Security Technical Implementation Guides (STIGs) can be implemented broadly, efficiently, and, perhaps most importantly, in an ongoing manner.
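As an added illustration (not code from NIST or from this post), the sketch below resolves a profile in a trimmed XCCDF-style checklist, XCCDF being the SCAP component that carries checklists and profiles, and evaluates a host against it. The benchmark XML, its ids, the host settings and the `CHECKS` mapping are all constructed for the example; a real scanner takes its checks from the SCAP content itself.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
# Constructed, trimmed XCCDF-style benchmark (not schema-complete, not a real STIG).
BENCHMARK = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <Profile id="xccdf_org.example_profile_server">
    <select idref="xccdf_org.example_rule_pw_len" selected="true"/>
    <select idref="xccdf_org.example_rule_banner" selected="false"/>
    <refine-value idref="xccdf_org.example_value_pw_len" selector="strict"/>
  </Profile>
  <Value id="xccdf_org.example_value_pw_len" type="number">
    <value>8</value>
    <value selector="strict">14</value>
  </Value>
  <Rule id="xccdf_org.example_rule_pw_len" selected="false"/>
  <Rule id="xccdf_org.example_rule_telnet"/>
  <Rule id="xccdf_org.example_rule_banner"/>
</Benchmark>"""

# Hypothetical rule-to-setting checks, standing in for the checks shipped with real content.
CHECKS = {
    "xccdf_org.example_rule_pw_len": lambda host, vals:
        host["min_password_length"] >= int(vals["xccdf_org.example_value_pw_len"]),
    "xccdf_org.example_rule_telnet": lambda host, vals: not host["telnet_enabled"],
}

def resolve_profile(xml_text, profile_id):
    """Return (sorted ids of selected rules, effective values) for one profile."""
    root = ET.fromstring(xml_text)
    profile = root.find(f"x:Profile[@id='{profile_id}']", NS)
    if profile is None:
        raise KeyError(f"no such profile: {profile_id}")
    # Each Rule carries its own default; the profile's <select> overrides it.
    selected = {r.get("id"): r.get("selected", "true") == "true"
                for r in root.iter("{%s}Rule" % NS["x"])}
    for sel in profile.findall("x:select", NS):
        selected[sel.get("idref")] = sel.get("selected") == "true"
    # A Value's default is the <value> with no selector; <refine-value> picks another.
    selectors = {rv.get("idref"): rv.get("selector")
                 for rv in profile.findall("x:refine-value", NS)}
    values = {}
    for val in root.iter("{%s}Value" % NS["x"]):
        for opt in val.findall("x:value", NS):
            if opt.get("selector") == selectors.get(val.get("id")):
                values[val.get("id")] = opt.text
    return sorted(r for r, on in selected.items() if on), values

def evaluate(host, xml_text, profile_id):
    """Run every rule the profile selects against a host's settings."""
    rules, values = resolve_profile(xml_text, profile_id)
    return {rule: "pass" if CHECKS[rule](host, values) else "fail" for rule in rules}
```

Because the profile is data, the same evaluation can be rerun on a schedule, so a host that drifts below the profile's tailored value shows up as a failing rule.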
