[Open-scap] First ever DevOpsDaysDC June 11, 12 - OpenSCAP should present! CFP deadline 4/15

Greg Elin gregelin at gitmachines.com
Thu Apr 16 02:53:34 UTC 2015


I submitted a proposal for Shawn, Fen, and myself:

Consumer to Collaborator: Re-imagining the US Government's role in Open Source

Government agencies are often hesitant to use open source tools out of
concerns of security and compliance issues. This hesitancy to use open
source deprives many government agencies from closely collaborating with
others to create software that is finely tuned and widely available to
scratch its own itch. The five-year-old OpenSCAP community is helping to
change that and re-imagining the US Government's role in open source through
its NIST-Certified SCAP 1.2 scanning software and growing body of open
source licensed SCAP content. By using the OpenSCAP suite of scanning and
configuration management tools, government agencies looking to become high
velocity organizations can automate the cumbersome process of certifying a
server has been properly hardened for production and begin to develop
community resources for hardening of other popular open source tools. The
OpenSCAP community is actively developing a suite of software tools to make
continuous monitoring in agile environments easier, especially for
developers, who often do not realize they could be scanning their systems
more collaboratively with Ops. OpenSCAP is not merely a secure piece of
open source software, it is software that helps demonstrate security and
compliance. The SCAP-Security-Guide Project is the only source of official
configuration management SCAP and hardening content for Linux that is
licensed open source and also directly reviewed by official government
agencies. Initially started (and still significantly funded) by Red Hat,
the OpenSCAP project has recently moved its repository from the Fedora
Project to GitHub and has seen an increase in the pace of development.


Greg

On Wed, Apr 15, 2015 at 11:06 AM, Fen Labalme <fen at civicactions.com> wrote:

> I would like to see such a session and will help make it happen (if I can
> actually provide any help, as I'm still an OpenSCAP noob).
>
> What I am particularly excited about is how open source tools can reach a
> wider audience, provide protection for a larger set of services, and - with
> community review and contributions - become the de facto standard for
> security scanning and compliance. And when I said "services" above, I not
> only mean "servers, desktops and mobile" but also Drupal, Wordpress,
> Apache, MySQL, etc.
>
> =Fen
>
> On Wed, Apr 15, 2015 at 7:08 AM, Greg Elin <gregelin at gitmachines.com>
> wrote:
>
>> Nathen mentioned "monitoring, compliance, and open source" as key topics:
>>
>> > Topics will generally focus on the people, culture, processes, and
>> systems that make DevOps possible.  Keys to that, of course, include
>> monitoring, compliance, open source, and more.
>>
>> I think OpenSCAP hits all three of these. That said I think Gov role in
>> open source is of wider appeal.
>>
>> I agree with your observation. How about:
>>
>> "OpenSCAP & Open Source FISMA Compliance: Reimagining the US Government's
>> role in Open Source via security and compliance"?
>>
>> Greg
>>
>>
>> On Tue, Apr 14, 2015 at 7:15 PM, Shawn Wells <shawn at redhat.com> wrote:
>>
>>>
>>>
>>> On 4/14/15 10:42 AM, Greg Elin wrote:
>>>
>>>> Most of the attendees at DevOps Days are developers and web ops/sys
>>>> admins and those people doing a hybrid of both and continuous integration.
>>>> But definitely a techie group.
>>>>
>>>> We hope there will be a good mix of Govies, DC startups and techie.
>>>>
>>>
>>> What do you feel the OpenSCAP community could offer? From Nathen's
>>> comments, talks on how SCAP could help bridge security compliance across
>>> bimodal environments wouldn't be so interesting to the audience.
>>>
>>> IMO, establishing security processes that span legacy environments (aka
>>> large enterprise applications, VMWare-based environments) and DevOps-ready
>>> (stateless apps, clouds, etc) would help ensure success of the various
>>> DevOps movements.
>>>
>>
>>