Observations From FOSE, Day 1

We just completed Day 1 at FOSE. While I was not able to attend any of the presentations, I did walk around the exhibit floor and had a ton of conversations with attendees. Here are a few themes that I observed:

  • There is still a lot of ignorance about open source. Despite the efforts of AFEI with conferences such as DoD Open, the message is not getting through at all. The comment I heard that most epitomized the ignorance was from a government contracting officer: “First it's closed, then it's open, then it's closed again.”
  • Not enough open source is SEM certified. The desire for DISA and other agencies responsible for SCIFs to want to know what's going on behind the cleared wall is understandable. However, open source products will have MORE auditability, not less. It seems like there are not enough advocates with enough experience in and understanding of open source products talking to information security officers about the benefits and overcoming objections. The other unfortunate side note is that it's awfully hard to get SEM paperwork entered in as a bug into an open source project.
  • The hardware vendor market has to be close to saturated. I was surprised at the preponderance of hardware vendors exhibiting at FOSE.
  • The number of prepackaged software vendors is surprisingly high. Most software has a short shelf life at best. Why government purchasers are paying for long-term licenses and not insisting on code ownership is unknown to me. I think it relates back to the first point about the ignorance of open source in the government purchasing community. If it took a more open source friendly approach to procurement, I posit that costs would go down and quality would increase due to the benefits of meritocracy that the open source community experiences. It's not a panacea, but it's a right step.
  • The number of companies at FOSE who do what we do is surprisingly low. Not everything that the government wants comes out of a box. I'm surprised that more companies aren't there making the pitch that “when what you want software to do doesn't come prepackaged, talk to us.” Software packages rarely do what you want straight out of the box.

Hopefully the talk that Scott McNealy from Sun gave this morning will resonate with program managers, procurement officers, and developers in the government. Eric Pugh will be blogging about that presentation shortly; the Sun CEO spoke about many of the topics we have been blogging about in recent months.