<div dir="ltr">Indeed. In the article I provided the first link to, there is also this quote:<br><br>"Not everyone has been pleased with how the bill calls out open-source
software by name, though. Analysts at the Business Software Alliance
met with members of the committee to voice their concern that the bill
unfavorably offers open-source software products an unfair competitive
advantage over other commercial software, according to a BSA
spokesperson who declined to be named."<br><br>I think we all know who the BSA is, and who they represent. Clearly the proprietary software vendors are upset and lobbying against FOSS.<br><br><br><div class="gmail_quote">
On Tue, Sep 30, 2008 at 3:55 PM, Laura Scott <span dir="ltr"><<a href="mailto:pinglaura@gmail.com">pinglaura@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style="">Consider that one big difference between proprietary and open source is lobbying and existing contract relationships. Chris DiBona I believe spoke about how a defense contractor tried to get OSS banned from military systems, but after an internal audit of such systems revealed that a huge % of such systems (30%? More? I confess I don't recall) depended upon OSS, the DOD rejected the proposal.<div>
<br></div><div>There is more to this than simple perceptions about FOSS.</div><div><br></div><font color="#888888"><div>Laura</div></font><div><div></div><div class="Wj3C7c"><div><br></div><div><br><div><div>On Sep 30, 2008, at 9:14 AM, Jon Saints wrote:</div>
<br><blockquote type="cite"><div dir="ltr">On a recent project for the US government, half way through the development process, our work was stopped by a government security review which said that Drupal (and open source software in general) is not suitable for use in government projects that house personal information due to security concerns.<br>
<br>Because our project had been approved by higher ups within the department, we were paid for our work up to that point and asked to stop. Now, its up to the tax payers to foot a much larger bill for other developers to implement a proprietary and more "secure" (or secretive) solution.<br>
<br>The "transparency" of the Drupal project was one of the government's big objections. In their eyes, disclosing and fixing securit holes in a timely manner, is not the same thing as security. They pointed out the 100+ security disclosures since drupal 4.0 as a reason that the system could not be used. We noted that all these disclosures where quickly addressed, but that did not seem to matter.<br>
<br>I notice other governments around the world are using Drupal with great success and savings to citizens:<br><a href="http://buytaert.net/new-zealand-government-using-drupal" target="_blank">http://buytaert.net/new-zealand-government-using-drupal</a><br>
<br>The standards we would need to meet with drupal are: <br><a href="http://csrc.nist.gov/groups/SMA/fisma/index.html" target="_blank">http://csrc.nist.gov/groups/SMA/fisma/index.html</a><br><br>My questions are the following:<br>
- Have any other developers run into this cerfication problem before?<br> - Is anyone in the drupal community currently working to get Drupal certified for use in US Government projects? <br> - Does anyone know exactly what cerfication would require from a development standpoint?<br>
<br>If there is interest in investigating this type of certification further, let me know. NIST, the department that certifies software, is just down the road from me. I could go investigate further.<br> <br>Thanks<br>Jon<br>
</div></blockquote></div><br></div></div></div></div></blockquote></div><br></div>