[development] Certify Drupal for use in Government (US) Projects
cxjohnson at gmail.com
Tue Sep 30 21:30:36 UTC 2008
Indeed. In the article I provided the first link to, there is also this
"Not everyone has been pleased with how the bill calls out open-source
software by name, though. Analysts at the Business Software Alliance met
with members of the committee to voice their concern that the bill
unfavorably offers open-source software products an unfair competitive
advantage over other commercial software, according to a BSA spokesperson
who declined to be named."
I think we all know who the BSA is, and who they represent. Clearly the
proprietary software vendors are upset and lobbying against FOSS.
On Tue, Sep 30, 2008 at 3:55 PM, Laura Scott <pinglaura at gmail.com> wrote:
> Consider that one big difference between proprietary and open source is
> lobbying and existing contract relationships. Chris DiBona I believe spoke
> about how a defense contractor tried to get OSS banned from military
> systems, but after an internal audit of such systems revealed that a huge %
> of such systems (30%? More? I confess I don't recall) depended upon OSS, the
> DOD rejected the proposal.
> There is more to this than simple perceptions about FOSS.
> On Sep 30, 2008, at 9:14 AM, Jon Saints wrote:
> On a recent project for the US government, half way through the development
> process, our work was stopped by a government security review which said
> that Drupal (and open source software in general) is not suitable for use in
> government projects that house personal information due to security
> Because our project had been approved by higher ups within the department,
> we were paid for our work up to that point and asked to stop. Now, its up
> to the tax payers to foot a much larger bill for other developers to
> implement a proprietary and more "secure" (or secretive) solution.
> The "transparency" of the Drupal project was one of the government's big
> objections. In their eyes, disclosing and fixing securit holes in a timely
> manner, is not the same thing as security. They pointed out the 100+
> security disclosures since drupal 4.0 as a reason that the system could not
> be used. We noted that all these disclosures where quickly addressed, but
> that did not seem to matter.
> I notice other governments around the world are using Drupal with great
> success and savings to citizens:
> The standards we would need to meet with drupal are:
> My questions are the following:
> - Have any other developers run into this cerfication problem before?
> - Is anyone in the drupal community currently working to get Drupal
> certified for use in US Government projects?
> - Does anyone know exactly what cerfication would require from a
> development standpoint?
> If there is interest in investigating this type of certification further,
> let me know. NIST, the department that certifies software, is just down the
> road from me. I could go investigate further.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the development