[cybersecurity-wg] Welcome and Opening Topic

Jon Nelson dotcop at gmail.com
Tue Feb 9 13:25:49 CST 2010
I have been a Pennsylvania State Trooper for the last 16 years.  For the
last 10 years I have been in the Computer Crime Unit where I have
investigated incidents from homicide to retail theft to include several
intrusion cases.  The vast majority of our work deals with child
exploitation.  For the last eight years I have been the Coordinator for our
Central Computer Crime Task Force, which is made up of local, state and
federal law enforcement entities.  I graduated in May 2009 with my BS in
Computer Science and an Undergraduate Certificate in Computer Security.

Over the last 10 years I have been using OSS extensively in our Task Force
operations, developed a version of Knoppix for on scene forensic previews,
and have been an advocate for OSS within my organization and to the law
enforcement community.

In regards to the opening topic...I think the open source model (OSM) meets
the challenge of providing secure code and more cybersecurity far better
than the closed source proprietary model (CSPM) does.  With the larger
collaboration of interested developers in the OSM, bugs, security holes,
“timebombs”, backdoors and embedded malware are much less likely to be
introduced, much less make it out of alpha or beta releases.  In my opinion,
the biggest hurdle is getting people who are used to the CSPM to see that
the OSM works, and that it is not a fad.  To this end, there are many mature
government OSS projects that can be pointed to as success stories.

On your question of background checks, this is something that I have
advocated for years for both developers and system admins on closed systems
(something I have always gotten a lot of blowback from HR for).  In OSS
development, I am not sure that it is all that practical or necessary,
except for the top developers who are responsible for the codebase.  As the
saying goes, "Sunshine is the best disinfectant."  That is not to say that
there could be an effort by foreign government(s) to poison the codebase,
but in a large OSM project I think this effort would be discovered rather
quickly.

This is the first time I have participated in a working group, so I hope
this was what you were looking for.

Regards,

Jon

On Mon, Feb 8, 2010 at 11:21 PM, Roger Yee <rogeryee at gmail.com> wrote:

> Welcome to the Cybersecurity Working Group in support of Open Source for
> America.
>
> I’ll be your working group chair for cybersecurity. A quick background on
> me: most recently I was a VP with BAE Systems responsible for global defense
> and security IT programs for US customers. A portion of this business area
> formed the basis of what is now the Cybersecurity business unit within BAE
> Systems. Additionally, I have successfully championed the use of open
> technology and standards within our cybersecurity products and associated
> programs.
>
> With the increasing focus on cybersecurity by the government and industry,
> it has become even more important for those of us engaged in the open source
> community to help shape and voice the role of open source and cybersecurity.
> I am sure there are more than plenty of topics and issues for this group to
> put forth and openly discuss.
>
> Opening topic:
>
> Securing the software supply chain has received notable attention in recent
> months over concerns of software “timebombs”, backdoors and embedded
> malware. What challenges does the open source development model face in the
> context of secure code and cybersecurity? Should developers be subject to
> background checks (aka security clearances)? What role should industry play
> in securing the software supply chain?
>
> I invite you to introduce yourself to the working group and join the
> conversation!
>
> Roger