-
Notifications
You must be signed in to change notification settings - Fork 10
What We Code In the Shadows OSS at NSA
Andrew Serff edited this page Jul 23, 2018
·
1 revision
Open Source within NSA and the federal government
He ran RedHawk
Federal Source Code Policy M-16-21 - goverment policy that says we should be involved in OSS. - 2016
Legal and Policy
- Copyright
- Early days - the policy is only 2 years old
- Mixed workforce
- How to manage a project
- Pre-pub review
- code.gov - GSA run
- 18F, USDS/DDS, & GSA
- publish at least 20% of new custom code as OSS
- What is OOS
- Isn't it less secure
- Can we do that?
REDHAWK
- They wanted to open source
- took them 18 months
Newer oss projects:
code.nsa.gov
- nbGallery
- Walkoff
- Beergarden
Contributions
- Example: OpenStack, Accumulo
- They have streamlined their approach and have it down to hours.
Releasing software
- Why are we releasing it? Don't just post it and walk away.
- release approval
- what's the classification
- legal, contracts
- Intellectural property claims
- Post release
- Communication - how to manage your OSS project
- they didn't want to go through pre-pub to have to respond to any questions
- Inbound IP
- how they manage contributions to their projects?
- DSS & code.mil - crowdsourced an approach to accepting contributions.
- inbound == outbound. you accept a PR and it inherits the license.
- Developer Certificate of Origin instead of a CLA. Sounds so much easier.
- Signed off by: bob@blah.com
- IP Artifacts
- LICENSE
- INTENT.md
- CONTRIBUTING_IO.md/CONTRIBUTING_DCO.md
- CONTRIBUTIRS.md
- DISCLAIMER.MD
- Communication - how to manage your OSS project
##Projects
Kernel made it into linux, used in macos/ios. SEAndroid is now in latest builds too.
Integration and Automation workflow.
Plugin framework for command-and-control
beer-garden.io
ACES Learn to Code
- Git, GitHub GH-Pages
- Ozone Platform Developer Setup
- HTML, JavaScript, CSS
- Tomcat Web Server Setup
- A Simple Node.js App
- Spark with Docker
- Best Practices for Software Development
Other Tutorials
Conferences
- 2018 - DevOps Days Baltimore
- 2018 DevOps Days Baltimore, Part 2
- DevOpsDays---Baltimore
- Cross-Domain-Technical-Forum
- 2017 Potential Conferences
- LAS December 5th 2016
- DI2E Plugfest 2016
- OSCON 2015
- RWX-2015
- SpringOne-2017
- OSCON-2018
- DinosaurJS 2018
Training
- Developing on AWS
- Agile Team Facilitation
- Amazon AWS Big Data Solutions Day
- Cloudera Developer Training for Spark and Hadoop May 2016