[Klug-general] Linux and Open Standards in Public Government Organisations

James Blake jimmyblake at gmail.com
Thu Sep 3 10:52:32 UTC 2009

Good luck in the new role.

I have quite some experience in providing services to government, both  
central and local.  It us not just commercial products that they seem  
to orientate to, but it is also the standards they use.  Proprietary  
risk assessment standards such as CRAMM, OCTAVE rather than their open  
source equivalents; security architectures such as SABSA rather than  
the open source TOGAF.

Part of this are the constraints imposed (from a security perspective)  
by CESG (the information assurance arm of our GCHQ spy agency, and the  
biggest pain in my posterior).  They only allow specific products and  
they, on the whole very unsavvy about open source.

The other issue with CESG is that they don't tend to accredit  
products, but rather 'configurations'.  The flexibility of open source  
and the lack of a vendor forcing a particular way of deployment  
actually works against open source in government environments.

You'd think they would like the ability to review and analyse the  
code, but the open source community can't provide guaranteed times-to- 
fix under vulnerability management polices like vendors can - even  
though the time-to-fix is considerably better most of the time.



Sent from the mobile device of James Blake

On 3 Sep 2009, at 11:33, nicolas diogo <nicolasdiogo at yahoo.co.uk> wrote:

> Hi folks,
> i have joined a local government institution recently and i am  
> impressed (if that is the right word) with the lack of open-source  
> standards used.
> what i means is that everyone uses MS word 2007, and there is no  
> interest in using alternatives such as openoffice.
> likeways, there are many database servers running MSSQL but none  
> with postgresql or mysql.
> so i wonder if there are other folks reading this list that some  
> experience with public government organisations.
> thanks,
> Nicolas
> _______________________________________________
> Kent mailing list
> Kent at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/kent

More information about the Kent mailing list