Linux in Government: An Interview with John Weathersby of OSSI

On July 1, 2004, the Executive Office of the President of the United
States issued a memorandum for Senior Procurement Executives and
Chief Information Officers. The memorandum emphasizes the President's
previous memorandum titled "Maximizing Use of SmartBuy and Avoiding Duplication
of Agency Activities". In this latest memorandum,
OMB 04-16,
the President issued the following ground-breaking statements:

This reminder applies to acquisitions of all software, whether it is
proprietary or Open Source Software. Open Source Software's source
code is widely available so it may be used, copied, modified, and
redistributed. It is licensed with certain common restrictions, which
generally differ from proprietary software. Frequently, the licenses
require users who distribute Open Source Software, whether in its original
form or as modified, to make the source code widely available. Subsequent
licenses usually include the terms of the original license, thereby
requiring wide availability. These differences in licensing may affect
the use, the security, and the total cost of ownership of the software
and must be considered when an agency is planning a software acquisition.

As I read this memorandum, I quickly thought of someone who has
worked behind the scenes in the federal arena to promote open-source
software. Although I know many people are working to get open-source software
into government, I consider John Weathersby to be one of the more effective
and least recognized figures. Part of his modus operandi has included
staying humble, avoiding focus on himself and giving credit to others.
In this rare interview, I hope you get a sense of how much he has achieved
and how consistently he has worked to achieve this vision.

Linux Journal: Last week, the
Linux Journal site published
an article about
the DoD in which
you played a part. You've had a role in some significant events the last
two years. How did you get involved in open-source software?

John Weathersby: I'll be the first one to tell you that I am not a
technologist. My background is in business development and marketing.
But as fate would have it, I got involved in the world of open-source
software in 1998. I was one of the founding partners of a company called
SAIR Linux and GNU Certification.

At the time, I was a principal in a small business development
company. One day, a college professor named Dr. Tobin Maginnis approached
us with the idea of building a training and certification company focused
on Linux. We had very little idea what Linux was, but we knew Tobin and trusted
his instinct that Linux was well on the way to changing the world.

Within 14 months, SAIR was publicly traded and owned by Thomson Media. The
real interesting part for me was getting to know the people we worked
with in the Open Source community.

SAIR's original advisory board included Richard Stallman, Bruce Perens
and Eric Raymond. So, I began my education into the field with these
guys. I had to learn the hard way, and fast, when to say free software
and GNU/Linux rather than open source and Linux.

After SAIR, I started focusing on the adoption of open source within the
government. My primary target always has been the Department of Defense.
While at SAIR, I saw first-hand that there were a lot of instances
of Linux and other open-source programs running, but few [people] were talking
about it.

LJ: What does OSSI do exactly?

JW: The Open Source Software Institute
(OSSI) is a non-profit
organization whose mission is to promote the development and
implementation of open-source solutions within federal, state and
local government agencies and academic entities. Our goal is to
help identify and facilitate the adoption of open source
within the public sector, specifically within the DoD.

LJ: Why the DoD?

JW: Primarily because the US Department of Defense is the
largest purchaser and user of IT products and services in the world. And
when the DoD says something is worth buying, so goes industry.

Second, the DoD is extremely structured, with rigid standards
and protocols. That meant there would be rules to follow, and if you can
integrate within the system, then you become a part of the process. Open
source is achieving both of these right now.

OSSI members and supporters see our efforts as a way to help build
business opportunities as well as support the ideals of open-source
software.

LJ: Can you tell us about the
work OSSI did for the Navy?

JW: We have a working relationship with the US Navy through
a mechanism known as a Cooperative Research and Development Agreement
(CRADA). Our CRADA is with the Naval Oceanographic Office, which is based at the
Stennis Space Center near New Orleans.

Through the CRADA, we have been able to work closely with the Navy to
help identify where they currently are using a wide variety of open-source
programs and applications and to demonstrate where they might be able
to use other open-source solutions to increase efficiency and save money.

Another tremendous benefit of the CRADA is the opportunity to work
directly with members of the Navy in a cooperative, mutually beneficial
relationship. The Navy has benefited from the studies of and on-going access
to the Open Source Community and industry experts. And, the Community and
IT industry has benefitted from the Navy's acceptance and continued
implementation of open-source technologies.

And, we as taxpayers all benefit when public dollars are spent more
efficiently.

LJ: Your Cornerstone Partner is Hewlitt
Packard. How does HP participate in OSSI?

JW: HP was OSSI's initial Cornerstone Sponsor
and [it has] continued to

support the organization in countless ways.
We have several other large corporate members and sponsors, but from
the beginning HP has provided not only dollars but direction, insight,
technical and business advice and guidance, as well as encouragement.
HP has a good grasp on both the open-source philosophical concept and
the business model.

So much of what OSSI does is to educate public sector decision makers
about the benefits of adopting and utilizing open source solutions.
That process takes time, patience and commitment. OSSI is very fortunate
to have members [such as] HP that are willing stick with program.

LJ: How are you involved with education
and what is the goal of your current effort?

JW: We are very interested in educational programs for a
variety of reasons. As with the government, we want to see public dollars
used in the most effective and efficient manner possible.
Secondly, so many fantastic open-source programs and developers
are involved in the academic world that it is crazy not to leverage
these resources to our mutual and long-term benefit.

Currently, we [are working on] several educational initiatives. For some,
we've seen great progress. [Others have] gotten
caught up in the world of turf battles and politics. It is unfortunate
and discouraging, but that is part of the process as well.

LJ: Tell us about the
Forbes project.

JW: Forbes
Magazine did a special advertising section on open
source this summer. OSSI worked with representatives from the advertising
and editorial staff to help pull together support for the edition.

What I found most encouraging about this project was that a high-profile
publication such as Forbes, with a circulation of
4.5 million, now views open source as a viable business opportunity and not as some flash in
the pan that can be dismissed. I was very encourage by this project. The
people at Forbes get it. And to me, that is one
more indicator that open source now is mainstream.

LJ: Any other government projects in the works?

JW: Of course. What we're working on now is wrapping up
the OpenSSL FIPS 140 validation. We saw some movement on that project
this week. It's looking good. We're working on an expanded version of the
original CRADA with the Navy. In this part of the program, we're studying
some of the Navy's Web service programs. This most likely will evolve
into other projects.

We also have projects with other sections of federal, state and
municipal governments, primarily working on issues of interoperability,
standards and program development. We will be announcing several of these
program over the course of the summer and early fall.

LJ: I heard you have a hand in some OSS
projects getting Common Criteria. Can you explain what this means?

JW: Common Criteria is a certification process that
involves programs and applications dealing with Information Assurance
(IA) programs used within the DoD. There is a directive known as
NSTISSP No.
11,
which stands for the National Security Telecommunications and Information
Systems Security Policy Number 11. It basically says that if a program
dealing with IA does not have either Common
Criteria (CC) or FIPS 140 certification from the National Institute
of Standards and Technology (NIST), then it cannot be used
within DoD systems.

It's tough, but we're talking about national security. IBM and SuSE
got SuSE's Advanced Server on the CC list, and Red Hat and Oracle have
combined efforts to get Red Hat's Advanced Server on the list. That was
extremely important.

As you mentioned, we've been involved in an effort to get
OpenSSL FIPS 140-2 certified. You can read more about it on
our Web site.
And there are other programs out there that people are working on now.

[In the time that] I have been around, this is the most exciting time
to be working with open-source software. We, as a community and as an
industry, are growing so fast and getting so much done that it is incredible.
And what makes it all tick is that everyone--not just a select few--can
participate and make a difference.

Tom Adelstein lives in Dallas, Texas, with his wife, Yvonne,
and works as a Linux and open-source software consultant locally
and nationally. He's the coauthor of the upcoming book
Exploring Linux with the Java Desktop System,
published by O'Reilly and Associates. Tom also has written numerous
articles as a guest editor for a variety of publications on Linux
technical and marketing issues.