T. Kenji Sugahara wrote:
> What do you consider to be the top 5 comp sec./technology issues that
> state government faces today? (This could include, how could the
> state help your company.)
The biggest problem that strikes me as *particular* to the State
Government is that the State is charged with administering some rather
large and unwieldy information systems, such as the DMV, health care,
etc. These systems are problematic because:
* they are large
* they are complex
* they have major security issues because they store a lot of
private, personal data that is disastrous to disclose
* they are nearly always large custom software jobs, not easily
assembled out of commodity components and a bit of glue
State governments (not just Oregon) have a long history of disastrous
software development efforts, where a contract worth something up to
some $hundreds of millions is awarded to some large software firm, who
then screw around with bad software development practice, burn 200% of
the allocated funds, and deliver a non-working system. Recent local
examples include the DMV and the Portland Water utility.
This problem relates to local business, in that large insurance & health
care firms face nearly identical issues.
> How would you solve those issues or problems?
Open source! I'm serious :)
A large part of how this problem comes about is the procurement process,
which ultimately results in a large, proprietary, unmaintainable system.
The State then hobbles along with it until it collapses of its own
weight, and then the State procures a newer system, with the same problems.
If the State made it a procurement *requirement* that all such systems
being paid for by the State be delivered with an open source license
(OSD compliant http://www.opensource.org/docs/definition_plain.php )
then the State has a great deal more flexibility in maintaining the
system in the future. In particular, it frees the State to:
* hire additional developers to work on the project outside the
primary contractor
* hire maintenance staff from any source
* fire the primary contractor and replace the development staff
without having to flush 100% of the software developed so far
* engage in open source security and quality reviews of the software
without having to apply NDAs to the reviewers
This is not my idea; it is being widely discussed. It has been proposed
for the state of California, the Federal government of Peru, and
actually implemented for the federal government of Venezuela.
Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Wed Sep 04 2002 - 14:27:27 PDT