[Klug-general] Linux and Open Standards in Public Government Organisations
jimmyblake at gmail.com
Thu Sep 3 10:52:32 UTC 2009
Good luck in the new role.
I have quite some experience in providing services to government, both
central and local. It us not just commercial products that they seem
to orientate to, but it is also the standards they use. Proprietary
risk assessment standards such as CRAMM, OCTAVE rather than their open
source equivalents; security architectures such as SABSA rather than
the open source TOGAF.
Part of this are the constraints imposed (from a security perspective)
by CESG (the information assurance arm of our GCHQ spy agency, and the
biggest pain in my posterior). They only allow specific products and
they, on the whole very unsavvy about open source.
The other issue with CESG is that they don't tend to accredit
products, but rather 'configurations'. The flexibility of open source
and the lack of a vendor forcing a particular way of deployment
actually works against open source in government environments.
You'd think they would like the ability to review and analyse the
code, but the open source community can't provide guaranteed times-to-
fix under vulnerability management polices like vendors can - even
though the time-to-fix is considerably better most of the time.
Sent from the mobile device of James Blake
On 3 Sep 2009, at 11:33, nicolas diogo <nicolasdiogo at yahoo.co.uk> wrote:
> Hi folks,
> i have joined a local government institution recently and i am
> impressed (if that is the right word) with the lack of open-source
> standards used.
> what i means is that everyone uses MS word 2007, and there is no
> interest in using alternatives such as openoffice.
> likeways, there are many database servers running MSSQL but none
> with postgresql or mysql.
> so i wonder if there are other folks reading this list that some
> experience with public government organisations.
> Kent mailing list
> Kent at mailman.lug.org.uk
More information about the Kent