Fueling innovative software
July 15-18, 2019
Portland, OR

Yes, it can be done: A primer on using open source in federal government projects

Thomas Scanlon (Carnegie Mellon University)
4:15pm-4:55pm Thursday, July 18, 2019

Who is this presentation for?

  • FOSS developers and advocates, IT managers, senior IT leaders, policy makers, risk managers, CISOs, and anyone looking to justify use of FOSS in government work




Federal government entities have traditionally been reluctant to allow the inclusion of open source components in their systems due to concerns about quality, reliability, and security. As the momentum for open source continues to grow in mainstream development, the federal government has slowly adopted policies to make use of open source permissible in government projects, but actually doing so is still met with a lot of resistance and roadblocks.

Thomas Scanlon offers an overview of relevant policies that allow for use of open source in federal government projects, delivers tips on getting open source use approved and dealing with bureaucratic hurdles such as RMF and APLs, introduces resources for developing with open source in government settings, and shares a real-world case study from the Department of Homeland Security, where an enterprise-level open source solution was successfully selected and implemented rather than commercial alternatives.

Join in to learn the foundational groundwork needed to successfully advocate for use of open source in government projects and then, upon approval, successfully implement and deliver government solutions with open source.

Prerequisite knowledge

  • Familiarity with issues surrounding the use of open source software in government settings

What you'll learn

  • Understand the challenges for using open source in federal government projects
  • Explore policies and strategies to get open source components approved
  • Discover resources available for open source development in federal government projects along with tips and advice on how to make open source use successful

Thomas Scanlon

Carnegie Mellon University

Thomas P. Scanlon is a senior cybersecurity researcher in the CERT Division of the Software Engineering Institute at Carnegie Mellon University. He specializes in applied research topics related to cybersecurity and software engineering, such as secure architecture and design, integrating software assurance (SWA) into the full SDLC, cybersecurity evaluations of systems, and security automation and RMF. He regularly performs sponsored work in these disciplines at both the classified and unclassified levels for constituents including the Department of Defense, the Department of Homeland Security, the Defense Cyber Crime Center (DC3), the Joint Federated Assurance Center (JFAC), the US Air Force, the US Army, the US Navy, and other government entities. Previously, he spent 10-plus years in IT leadership roles at Fortune 500 companies. He holds a doctoral degree in information systems.