Linux in Government: An Interview with John Weathersby of OSSI
On July 1, 2004, the Executive Office of the President of the United States issued a memorandum for Senior Procurement Executives and Chief Information Officers. The memorandum emphasizes the President's previous memorandum titled "Maximizing Use of SmartBuy and Avoiding Duplication of Agency Activities". In this latest memorandum, OMB 04-16, the President issued the following ground-breaking statements:
This reminder applies to acquisitions of all software, whether it is proprietary or Open Source Software. Open Source Software's source code is widely available so it may be used, copied, modified, and redistributed. It is licensed with certain common restrictions, which generally differ from proprietary software. Frequently, the licenses require users who distribute Open Source Software, whether in its original form or as modified, to make the source code widely available. Subsequent licenses usually include the terms of the original license, thereby requiring wide availability. These differences in licensing may affect the use, the security, and the total cost of ownership of the software and must be considered when an agency is planning a software acquisition.
As I read this memorandum, I quickly thought of someone who has worked behind the scenes in the federal arena to promote open-source software. Although I know many people are working to get open-source software into government, I consider John Weathersby to be one of the more effective and least recognized figures. Part of his modus operandi has included staying humble, avoiding focus on himself and giving credit to others. In this rare interview, I hope you get a sense of how much he has achieved and how consistently he has worked to achieve this vision.
Linux Journal: Last week, the Linux Journal site published an article about the DoD in which you played a part. You've had a role in some significant events the last two years. How did you get involved in open-source software?
John Weathersby: I'll be the first one to tell you that I am not a technologist. My background is in business development and marketing. But as fate would have it, I got involved in the world of open-source software in 1998. I was one of the founding partners of a company called SAIR Linux and GNU Certification.
At the time, I was a principal in a small business development company. One day, a college professor named Dr. Tobin Maginnis approached us with the idea of building a training and certification company focused on Linux. We had very little idea what Linux was, but we knew Tobin and trusted his instinct that Linux was well on the way to changing the world.
Within 14 months, SAIR was publicly traded and owned by Thomson Media. The real interesting part for me was getting to know the people we worked with in the Open Source community.
SAIR's original advisory board included Richard Stallman, Bruce Perens and Eric Raymond. So, I began my education into the field with these guys. I had to learn the hard way, and fast, when to say free software and GNU/Linux rather than open source and Linux.
After SAIR, I started focusing on the adoption of open source within the government. My primary target always has been the Department of Defense. While at SAIR, I saw first-hand that there were a lot of instances of Linux and other open-source programs running, but few [people] were talking about it.
LJ: What does OSSI do exactly?
JW: The Open Source Software Institute (OSSI) is a non-profit organization whose mission is to promote the development and implementation of open-source solutions within federal, state and local government agencies and academic entities. Our goal is to help identify and facilitate the adoption of open source within the public sector, specifically within the DoD.
LJ: Why the DoD?
JW: Primarily because the US Department of Defense is the largest purchaser and user of IT products and services in the world. And when the DoD says something is worth buying, so goes industry.
Second, the DoD is extremely structured, with rigid standards and protocols. That meant there would be rules to follow, and if you can integrate within the system, then you become a part of the process. Open source is achieving both of these right now.
OSSI members and supporters see our efforts as a way to help build business opportunities as well as support the ideals of open-source software.
LJ: Can you tell us about the work OSSI did for the Navy?
JW: We have a working relationship with the US Navy through a mechanism known as a Cooperative Research and Development Agreement (CRADA). Our CRADA is with the Naval Oceanographic Office, which is based at the Stennis Space Center near New Orleans.
Through the CRADA, we have been able to work closely with the Navy to help identify where they currently are using a wide variety of open-source programs and applications and to demonstrate where they might be able to use other open-source solutions to increase efficiency and save money.
Another tremendous benefit of the CRADA is the opportunity to work directly with members of the Navy in a cooperative, mutually beneficial relationship. The Navy has benefited from the studies of and on-going access to the Open Source Community and industry experts. And, the Community and IT industry has benefitted from the Navy's acceptance and continued implementation of open-source technologies.
And, we as taxpayers all benefit when public dollars are spent more efficiently.
LJ: Your Cornerstone Partner is Hewlitt Packard. How does HP participate in OSSI?
JW: HP was OSSI's initial Cornerstone Sponsor and [it has] continued to support the organization in countless ways. We have several other large corporate members and sponsors, but from the beginning HP has provided not only dollars but direction, insight, technical and business advice and guidance, as well as encouragement. HP has a good grasp on both the open-source philosophical concept and the business model.
So much of what OSSI does is to educate public sector decision makers about the benefits of adopting and utilizing open source solutions. That process takes time, patience and commitment. OSSI is very fortunate to have members [such as] HP that are willing stick with program.
LJ: How are you involved with education and what is the goal of your current effort?
JW: We are very interested in educational programs for a variety of reasons. As with the government, we want to see public dollars used in the most effective and efficient manner possible. Secondly, so many fantastic open-source programs and developers are involved in the academic world that it is crazy not to leverage these resources to our mutual and long-term benefit.
Currently, we [are working on] several educational initiatives. For some, we've seen great progress. [Others have] gotten caught up in the world of turf battles and politics. It is unfortunate and discouraging, but that is part of the process as well.
LJ: Tell us about the Forbes project.
JW: Forbes Magazine did a special advertising section on open source this summer. OSSI worked with representatives from the advertising and editorial staff to help pull together support for the edition.
What I found most encouraging about this project was that a high-profile publication such as Forbes, with a circulation of 4.5 million, now views open source as a viable business opportunity and not as some flash in the pan that can be dismissed. I was very encourage by this project. The people at Forbes get it. And to me, that is one more indicator that open source now is mainstream.
LJ: Any other government projects in the works?
JW: Of course. What we're working on now is wrapping up the OpenSSL FIPS 140 validation. We saw some movement on that project this week. It's looking good. We're working on an expanded version of the original CRADA with the Navy. In this part of the program, we're studying some of the Navy's Web service programs. This most likely will evolve into other projects.
We also have projects with other sections of federal, state and municipal governments, primarily working on issues of interoperability, standards and program development. We will be announcing several of these program over the course of the summer and early fall.
LJ: I heard you have a hand in some OSS projects getting Common Criteria. Can you explain what this means?
JW: Common Criteria is a certification process that involves programs and applications dealing with Information Assurance (IA) programs used within the DoD. There is a directive known as NSTISSP No. 11, which stands for the National Security Telecommunications and Information Systems Security Policy Number 11. It basically says that if a program dealing with IA does not have either Common Criteria (CC) or FIPS 140 certification from the National Institute of Standards and Technology (NIST), then it cannot be used within DoD systems.
It's tough, but we're talking about national security. IBM and SuSE got SuSE's Advanced Server on the CC list, and Red Hat and Oracle have combined efforts to get Red Hat's Advanced Server on the list. That was extremely important.
As you mentioned, we've been involved in an effort to get OpenSSL FIPS 140-2 certified. You can read more about it on our Web site. And there are other programs out there that people are working on now.
[In the time that] I have been around, this is the most exciting time to be working with open-source software. We, as a community and as an industry, are growing so fast and getting so much done that it is incredible. And what makes it all tick is that everyone--not just a select few--can participate and make a difference.
Tom Adelstein lives in Dallas, Texas, with his wife, Yvonne, and works as a Linux and open-source software consultant locally and nationally. He's the coauthor of the upcoming book Exploring Linux with the Java Desktop System, published by O'Reilly and Associates. Tom also has written numerous articles as a guest editor for a variety of publications on Linux technical and marketing issues.