Showing posts with label linux. Show all posts
Showing posts with label linux. Show all posts

Friday, April 3, 2015

Call for Book Chapters - HOMELAND SEC 2015 : Handbook of Research on Homeland Security Threats and Countermeasures


Link: http://www.igi-global.com/publish/call-for-papers/call-details/1771
 
WhenJun 30, 2015 - Nov 30, 2015
WhereN/A
Abstract Registration DueJun 30, 2015
Submission DeadlineAug 3, 2015
Notification DueOct 30, 2015
Final Version DueNov 30, 2015
Categories    homeland security   cyber security   security   threats
 

Call For Papers

Editors
Maurice Dawson, University of Missouri-St. Louis, USA

Call for Chapters:
Proposals Submission Deadline: June 30, 2015
Full Chapters Due: August 30, 2015

Introduction:
This handbook of research will explore multiple aspects of homeland security and countermeasures in today's society. This book provides insights on the current issues surrounding homeland security threats such as cyber terrorism, natural disasters, border control, civil liberties, unmanned systems and more. Additionally, countermeasures such as network security, law enforcement, intelligence, surveillance, reconnaissance, cyber security, and physical security will be explored. Researchers, practitioners, and professionals will benefit from this publication’s broad perspective.

Objective:
This book will aim to provide relevant theoretical frameworks and the latest empirical research findings in the area. It will be written for professionals and researchers who want to improve their understanding of the strategic role of trust at different levels of homeland security and associated countermeasures.

Target Audience:
The target audience of this book will be composed of professionals and researchers working in the field of homeland security, cyber security, and intelligence analysis, e.g. military studies, computer science, security engineering, disaster recovery, business continuity, and information technology. Moreover, the book will provide insights and support from practitioners and academia in order to highlight the most debateful aspects in the field.

Recommended Topics:
Recommended topics include, but are not limited to, the following:
Military intelligence
Cyber security
Military defense
Business continuity
Disaster recover planning
Unmanned systems
Network security
Physical security
Economic security
Immigration enforcement
Law enforcement
Terrorism
Cyber terrorism
Transportation security
Human trafficking
International engagement
Border security
Civil rights and civil liberties
Disasters
Technology transfer and commercialization
Technology management
Information security


Submission Procedure:
Researchers and practitioners are invited to submit on or before June 30, 2015, a chapter proposal of 1,000 to 2,000 words clearly explaining the mission and concerns of his or her proposed chapter. Authors will be notified by July 30, 2015 about the status of their proposals and sent chapter guidelines. Full chapters are expected to be submitted by August 30, 2015. All submitted chapters will be reviewed on a double-blind review basis. Contributors may also be requested to serve as reviewers for this project.

Note: There are no submission or acceptance fees for manuscripts submitted to this book publication, Handbook of Research on Homeland Security Threats and Countermeasures. All manuscripts are accepted based on a double-blind peer review editorial process.

Full chapters may be submitted to this book here: Submit a Chapter

All proposals should be submitted through the E-Editorial DiscoveryTM online submission manager.


Publisher:
This book is scheduled to be published by IGI Global (formerly Idea Group Inc.), an international academic publisher of the “Information Science Reference” (formerly Idea Group Reference), “Medical Information Science Reference,” “Business Science Reference,” and “Engineering Science Reference” imprints. IGI Global specializes in publishing reference books, scholarly journals, and electronic databases featuring academic research on a variety of innovative topic areas including, but not limited to, education, social science, medicine and healthcare, business and management, information science and technology, engineering, public administration, library and information science, media and communication studies, and environmental science. For additional information regarding the publisher, please visit www.igi-global.com. This publication is anticipated to be released in 2016.


Important Dates:
For new submissions
Proposal Submission Deadline: June 30, 2015
Chapter Proposal Approval: July 30, 2015
Full chapter Submission: August 30, 2015
Review Results to Authors: October 30, 2015
Revised Chapter Submission: November 30, 2015
Final Acceptance Notifications: December 15, 2015

For enhanced submissions:
Enhanced chapter submission: June 30, 2015
Review Enhanced Material: June 30-July 30, 2015
Final Deadline for all Materials to IGI: January 30, 2016


Inquiries:
Inquires can be forwarded to electronically (Word document):
Dr. Maurice Dawson
University of Missouri- St. Louis
Department of Information Systems
College of Business Administration
228 Express Scripts Hall
One University Blvd
St. Louis, MO 63121-4400 USA
Phone: +1-314-516-6288
Email: dawsonmau@umsl.edu
Posted by at No comments:
Labels: , , , , , , , , ,

Friday, January 2, 2015

Dawson, M., Leonard, B., & Rahim, E. (2015). Advances in Technology Project Management: Review of Open Source Software Integration. In M. Wadhwa, & A. Harper (Eds.) Technology, Innovation, and Enterprise Transformation (pp. 313-324). Hershey, PA: Business Science Reference. doi:10.4018/978-1-4666-6473-9.ch016

Dawson, M., Leonard, B., & Rahim, E. (2015). Advances in Technology Project Management: Review of Open Source Software Integration. In M. Wadhwa, & A. Harper (Eds.) Technology, Innovation, and Enterprise Transformation (pp. 313-324). Hershey, PA: Business Science Reference. doi:10.4018/978-1-4666-6473-9.ch016

Advances in Technology Project Management: Review of Open Source Software Integration

Maurice Dawson, University of Missouri – St. Louis, USA
Brian Leonard, Alabama A&M University, USA
Emad Rahim, Oklahoma State University, USA
TopABSTRACT
As organizations must continually drive down costs of software-driven projects, they need to evaluate the Systems Development Life Cycle (SDLC) and other software-based design methodologies. These methodologies include looking at software-based alternatives that could save a significant amount of money by reducing the amount of proprietary software. This chapter explores the use and integration of Open Source Software (OSS) in software-driven projects to include in enterprise organizations. Additionally, the legalities of the GNU General Public License (GPL), Lesser General Public License (LGPL), Berkeley Software Distribution (BSD), and Creative Commons are explored with the integration of these OSS solutions into organizations. Lastly, the chapter covers the software assurance and cyber security controls to associate with OSS to deploy a hardened product that meets the needs of today’s dynamically evolving global business enterprise.
TopAPPROACH
The authors reviewed multiple Linux distributions and their uses. Reviewed in depth were the copyrights and open sourcing legal implications.
TopIMPRESSION
As indicated through legal case reviews, there are some very valuable benefits to open source software, in that it allows for collaboration in the development of new software and technology that can undoubtedly spur innovation and improve many processes and functions that individuals and businesses in our society rely on every day. Consequently one purpose of the GNU GPL is to protect and preserve individual rights and the creativity of others while at the same time providing a benefit and contributing to society at large. OSS must be considered in the development process as it is essential in overall license cost reduction with the ability to reuse already constructed software.
TopPROJECT MANAGEMENT
There are numerous perspectives regarding the concept of project management as this is a field with many employment opportunities in various industries such as defense or aerospace (Dawson & Rahim, 2011). Thus, the definitions generated by these perspectives also vary, according to the context in which it is discussed. However, the purpose of most project management activities is generally similar. Project management is a way of managing and organizing corporate resources so the available resources can generate the completion of a project within given scope, time, and resource constraints (Wideman, 2001).
The understanding behind project management also accounts for the definition of a project. A project is a unique endeavor performed to create certain products, services, or results (Project Management Institute, 2009). This definition is dissimilar to the definitions of process and operation due to several factors. The easiest to define is the time-constraint factor. A project performs the work necessary to complete activities within a limited amount of time, while processes and operations generally account for on-going continuous effort. A project aims to produce a single or a group of products, services, or results and the chain of activities are terminated once these are produced. Thus it is important to understand the acquisition of Information Technology (IT) and Information Systems (IS) in project management (Rahim & Dawson, 2010).
TopSoftware Design Methodologies
The SDLC is a process for planning, creating, testing and deploying ISs (Avison & Fitzgerald, 2003). Requirements are an impact factor as they feed the development and serve as an important prerequisite to development. The SDLC is a modified waterfall method as when objectives are not met then the process is to move backward but the goal is to continually move forward into the next process steps such as system deployment. Another design methodology is agile software development. Agile is based on iterative and incremental development, in which requirements and solution evolve through collaborating teams (Cockburn, 2002). In agile it is essential to understand the people factor to ensure success (Cockburn & Highsmith, 2001). A modified agile methodology is Scrum which is an interactive and incremental software development framework (Rising & Janoff, 2000). All methodologies described allow for code reuse and the integration of OSS. As design methodologies continue to grow so does the need for quicker development. To do this effectively one would need to consider using the option of code reuse.
TopDetails of Linux
The definition, terms, and understanding of open-sourcing have been synonymous with the World Wide Linux is an Unix like OS that is built on the Linux kernel developed by Linus Torvalds with thousands of software engineers. As of 2012 there are over two hundred active Linux distributions. The majority of the kernel and associated packages are free and OSS. This type of software provides licenses which allows users the right to use, copy, study, change, and improve the software as the source code is made available. Providing source code allows an organization’s developers or engineers to understand the inner workings of development. Imagine being able to study Mac or Windows by viewing all the source code to replicate similar developments. This exercise would be great for a new developer to learn low level coding techniques, design, integration, and implementation. Students and faculty could actively participate in design groups in which they would contribute code or design guidance for the upcoming software releases.. However some distributions require a cost for updates or assistance that related to specific needs such as OS modifications for server hosting. In software, there is a packet management system that automates the process of installing, configuring, upgrading, and removing software packages from an OS. In the Linux OS builds the most common packet management systems are Debian, Red Hat Package Manager (RPM), Knoppix, and netpkg.
Since Linux does not have redistribution limits it can be used to replace proprietary OSs in computer labs to save costs. The cost that would be associated with the proprietary labs can be redirected towards additional hardware instead. With the many variations of Linux one can find the appropriate distribution for their targeted use. Table 1 displays the different distributions to include the potential uses.

Table 1. 
Linux distributions and uses
Linux DistributionsDescription and Potential UsePacket Management System
UbuntuOne of the most popular Linux OS developed to be a complete OS that can be an easily replacement for other comparable OSs.Debian-based
EdubuntuOS targeted for grades k-12. Contained in OS are tons of software applications that is useful to those who are education majors.Debian-based
Damn Small LinuxThis OS is designed to as a small OS to be utilized on older hardware. This OS is great for institutions that have old computers and want to revitalize them for use. OS is also great for VMs as DSL requires a low amount of memoryKnoppix-based
BackTrackOS based on Ubuntu for digital forensics and penetration testing. Great tool for students majoring in technology fields. As cyber security is becoming a hot topic around the world this tool provides students the ability to learn from over thirty software applications that aid in penetration testing and more.Debian-based
Kali LinuxOS based BackTrack that is a continuation of the popular penetration testing distribution.Debian-based
Red Hat Enterprise LinuxThis OS serves as the standard for many enterprise data centers. OS was developed by Red Hat and targeted for commercial use. Red Hat has a policy against making nonfree software available for the system through supplementary distribution channels. This is different and why this OS is listed as an exception in terms of OSS.RPM-based
FedoraThis OS is supported by the Fedora Project and sponsored by Red Hat. This OS provides a great resource for learning Red Hat Enterprise Language (RHEL). As there are thousands of jobs requiring expertise specifically with Red Hat this OS is a great tool to prepare students for employment in IT. Fedora has over six Fedora Spins such as Design-suite, Scientific-KDE, Robotics, Electronic-lab, Games, and more.RPM-based
CentOSThis OS derived entirely from RHEL. The source code is developed from Red Hat which allows a student to learn RHEL with a small number of differences. CentOS can be used for teaching IT students on how to setup, administer, and secure a server.RPM-based
SUSE LinuxOS is of German origin with the majority of its development in Europe. Novell purchased the SUSE brand and trademarks.Debian-based
XubuntuXubuntu is based upon Ubuntu however it uses the light weight Xfce desktop environment.Debian-based
Ubuntu StudioThis OS is derived from Ubuntu. This OS is developed specifically for multimedia production such as audio, video, and graphics. Departments for multimedia could use this OS for multimedia instruction and the development of projects. As many of the tools for multimedia production are expensive this alleviates large license costs for institutions.Debian-based
LubuntuOS is based on Ubuntu and uses the LXDE desktop environment. It replaces Ubuntu’s Unity shell and GNOME desktop.Debian-based
Chromium OSAn open source light weight OS that is targeted for netbooks and mobile devices.Portage-based
Fedora is an OS based on the Red Hat Package Manager (.rpm) (Proffitt, 2010). Fedora has a side development project known as Fedora Spins which contains multiple spin off versions of the Fedora OS. These spins allow academics, researchers, and students the ability to perform tasks such as cyber security, forensics, electronics design, and more (Petersen, 2013). Two of the spins are lightweight distributions which are key to reviving older systems. Kitten Lightweight Kernel (LWK) and other similar kernels allow individuals the ability to practice development on lightweight OSs (Brightwell, Riesen, Underwood, Hudson, Bridges, & Zaharia, 2003). The possibilities are endless for encouraging low level development, integration, and increasing overall lifecycle expertise.
TopWhy Use Open Source
Using OSS such as Linux allows for a significant reduction in the cost of proprietary licensing. Additionally, when coupled with virtualization OS capabilities can be replicated in a virtualized layer (Dawson & Al Saeed, 2012). Much software today is too complex to be developed from scratch thus reuse adds competitiveness allowing for immediate code reuse (German, & González-Barahona, 2009). In addition, OSS provides the ability to allow developers to perform static code analysis on source code as it is readily available (Louridas, 2006). As over half of the vulnerabilities are found in the application using OSS could provide beneficial to all that are stakeholders in the SDLC (Paul, 2011). Additionally, benefits include the ability to capture all known and unknown risks that allow the use of sound software engineering practices (McGraw, 1999).
TopArgument against the Use of Open Source
One of the most well-known arguments against the use of OSS is that individuals with malicious intent can find flows within the code and exploit them (Carrier, 2002). The issue with this particular argument is that proprietary software packages or closed OSs are being exploited such as Windows. More importantly more research needs to be understood on the accessibility and human use of the different operating environments (González, Mariscal, Martínez, & Ruiz, 2007). The misconceptions surround ease of use in which individuals feel they need to have a mastery of command line among other system administrator like abilities to navigate the desktop based OSs. Thus more attention needs to be provided to system usability for industry and home use on the modern open source Linux OS such as Ubuntu 14.04 Long Term Support (LTS) and others (Brooke, 1996).
The U.S. Constitution provides that, “The Congress shall have Power… [t]o promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;…”1 A copyright gives the author, provided certain legal requirements are met, exclusive rights to distribute, sell, license, produce, and publish the copyrighted material (Cheeseman 2013). Moreover, the Copyright Revision Act of 1976, establishes the legal requirements for copyright protection and provides for protection for copyright infringement (Cheeseman 2013). In addition, in 1989, the U.S. and several other countries signed the Berne Convention, which is an international copyright treaty.
Establishing copyright protection is only half the battle. In order to prove copyright infringement, one must show that a party has copied a substantial and material part of the owner’s copyrighted work without permission (Cheeseman 2013). If successfully proven, an owner of a copyrighted work may recover profits from the infringement, damages suffered by the owner, and even a court order requiring destruction of the infringing material and/or an order preventing such infringement in the future (Cheeseman 2013).
License Agreement
In its most basic sense, a licensing agreement is a detailed agreement which indicates the terms between a licensor, the owner and/or creator of intellectual property, and a licensee, the party who his granted limited rights in or access to the intellectual property (Cheeseman 2013). A licensing agreement may be a contract, but all licensing agreements may not meet the requirements of a contract. (Stein 2006). The extent to which a licensing agreement meets the legal requirements of a contract may provide greater or lesser legal protection of the intellectual property (Stein 2006).
Traditional Contract Law
Basic contract law requires that in order for an agreement to be legally enforceable, it must contain at minimum, an offer, an acceptance, and must be supported by consideration. An offer is generally a manifestation of intent to be bound, and an acceptance requires an unequivocal assent to the terms of the offer. Consideration is generally defined as bargained for exchange, where each side of the agreement receives some legal value. Generally courts will not inquire into the adequacy of consideration, or in other words the sufficiency of consideration (Cheeseman 2013). If an agreement is a legally enforceable contract, the law provides for several remedies in the event that a party to the agreement does not fully perform the agreement or violates its terms in some way.
TopUnique Challenges of Open Source Software
Copyleft and Free of Charge
One of the major challenges of “open source software,” is the fact that the author or creator of the original source code, makes their source code available to other users to distribute and modify, free of charge, and in many cases requires that any modification of that source code must also remain free and available to other users down the line, or the concept of copyleft work (Stallman, 2013). The problem for traditional copyright law is that it has primarily been focused on protecting and restricting the use and distribution of copyrighted work rather than the free and open distribution thereof. Furthermore, the fact that the software is made available free of charge creates some problems when it comes to determining whether and to what extent the author or creator has suffered any damages, and is therefore entitled to any compensation as is usually the case in the traditional copyright infringement lawsuit.
Enforceability
Furthermore, given the usual form of the open source licenses utilized by creators and authors of open source software, there is some question as to the availability of proof that the licensee of open source software is even aware or ever assents to the terms of the license. (Stein 2006). For example, if a licensee of open source software is not aware that there is a license or what the terms of the license provide, it may be difficult, in the event that the user modifies the licensed source code and then attempts to restrict its availability to others, for the author or licensor to enforce the license against the licensee. This would not be the case for example, if the licensee was required to download the source code and in doing so had to accept the terms and conditions of the license (Stein 2006).
Lack of Consideration
Another challenge for licensors of open source software is whether and to what extent the license is actually a contract or merely a bare license (Stein 2006Mandrusiak 2010). If an open source license was considered to be more than just a bare license, but a contract, the author or creator may enjoy greater protection. (Stein 2006Mandrusiak 2010). The problem however is that in order to be considered more than just a bare license, but a contract, the license would have to meet the traditional contract law requirements, which includes consideration. In order for an open source license to be enforceable as a contract, the author or creator must show that it is supported by consideration. Thus the author or creator or licensor must be able to show some legal value provided and received for the use of the license and source code. Since many of these open source code license are made available free of charge, it may be more difficult for a licensor to make such a showing. There are other arguments that a licensor may have such as that the promise to abide by the terms of the license could be sufficient consideration, but it may be unclear whether courts would agree with this rationale. If not, then the open software license would not be considered a legally enforceable contract and therefore, would not receive the traditional contract law protections or remedies for breach.
Illustrative Cases
There have been a few cases to consider the legal protections afforded to some open source software code materials. For example, inComputer Associates International v. Quest Software, Inc., et al., the court recognized the validity of the GPL involved in that case, and specifically found that any user of the GNU GPL was bound by its terms.2 Furthermore, the court noted that no copyright protection could be afforded to the modified version of the source code provided based on the terms of the GNU GPL. However, the Court further found that where the GNUGPL provided an exception for the commercial use of the output of that program, the GNUGPL would not be violated and copyright protection may exist for that output.3
In addition in Progress Software Corporation, et al., v. Mysqlab, et al., the Court recognized and considered, but did not rule upon at that stage of the case, a GNUGPL that was at issue in that case.4 Furthermore, in Planetary Motion, Inc., v. Techplosion, Inc., Michael Gay A.K.A. Michael Carson, the Court recognized and reiterated that the GNU GPL utilized in that case, “…allows users to copy, distribute and/or modify the Software under certain restrictions, e.g., users modifying licensed files must carry “prominent notices” stating that the user changed the files and the date of any change.”5
Lastly, but certainly not least, probably the most notable case which dealt with legal protection, specifically copyright protection and open source software, is the Jacobsen, v. Katzer,et. al.6 In Jacobsen, the U.S. Court of Appeals for the Federal Circuit, considered whether and to what extent a copyright holder, could use copyright laws to enforce an open source license, with respect to software that that had been made free and available to the public. The District Court held that while the defendant’s actions may have been in breach of the nonexclusive Artistic License granted to them, they did not rise to the level of copyright infringement, and thus did not allow the copyright holder to use copyright laws to enforce the open source license.
The U.S. Court of Appeals for the Federal Circuit, on the other hand not only recognized the existence of the Artistic License, but held that despite its nonexclusivity, the Artistic License, did prevent certain other actions from being taken with regard to the source code, specifically use of the information without compliance with the Artistic License, such as indicating the source of the material, and including appropriate notices with any subsequent distribution of the material.7 The Court specifically held, that “Copyright holders who engage in open source licensing have the right to control the modification and distribution of copyrighted material.”8 The court also held that the mere fact that open source licenses like the Artistic License at issue in the case are free of charge, does not render them devoid of economic value, and does not entitle them to any less protection than other forms of copyrighted material. The Court stated, “[t]he choice to exact consideration in the form of compliance with the open source requirements of disclosure and explanation of changes, rather than as a dollar-denominated fee, is entitled to no less legal recognition.”9
Thus, the Jacobsen case appears to have provided at least one example of where a Court has provided copyright and it appears probably contract protection open source software utilizing open source licenses, in a way that some had believed was not possible given their unique nature. However it should be noted, that it is not clear whether other federal circuits will follow suit, and/or if the U.S. Supreme Court will ultimately agree with the Jacobsen Court in its analysis of this issue. As with many issues in the law, we will have to wait and see.
UCITA
In addition to the cases previously discussed, the Uniform Computer Information Transactions Act (UCITA) may also provide some legal protection to open source software and code, in the states where it has been enacted, and except where federal law controls, such as in the area of copyright law. The “…UCITA is a model act that establishes a uniform and comprehensive set of rules governing the creation, performance and enforcement of computer information transactions.” (Cheeseman 2013).
TopReview of the Specific Licenses
GNU GPL v3
After a review of the terms and conditions provided by this license it appears to be more comprehensive in its requirements for use of the licensed software. It contains several more terms and appears to contain many more prohibitions that the previous version of the license terms contained. It contains the requirement to include appropriate notices for distribution of the code. It also contains specific prohibitions regarding restriction on the subsequent use of the code, including modified versions, by downstream users (Kumar, 2006).
GNU GPL v2
After review of the terms and conditions of this license, this version’s license does not appear to have as many requirements and certainly is not as long as the newest version of this software’s license appears to be. While considerably shorter than the subsequent version’s license, this license does still maintain and include the requirement that appropriate notices accompany the distribution of the code (Kumar, 2006).
LGPLv3
After review of the terms and conditions of this license, this version’s license does not appear to have as many requirements as either of the licenses under the GNUGPLv3 or v2, but it does maintain several requirements for compliance. Of note, is this license includes an exception to the GNUGPL license, namely that the work produced under this license may be reproduced without compliance with Section 3 of the GNUGPL, which relates to Protecting Users’ Legal Rights from Anti-Circumvention Law.
LGPL v2
After review of the terms and conditions of this license, this version’s license appears to somewhat longer than the terms and conditions of the subsequent version’s license, but it appears to be closer to the GNUGPLv2’s license terms than the LGPLv3’s terms and conditions, and noticeably does not include the exception to the GNUGPL license as is contained in the subsequent version of this license.
LLGPL
After review of the Lisp Lesser General Public License (LLGPL), this version’s license is like the LGPL but with a prequel. This prequel defines the effect in terms more typically used in Lisp programs. This license is grounded in the C programming language as the license specifically calls out functions not present in other languages that are not traditionally compiled (Greenbaum, 2013).
Creative Commons
After review of the terms and conditions of this license, it appears that this license is very similar to that of Modified BSD. It is interesting of note that the license begins by indicating that the company is not a law firm. Additionally, this license appears to include a waiver of copyrights and related rights, and a fall-back in the event that the waiver is invalidated, which appears to be based upon the purpose of promoting the overall ideal of free culture. In addition this license includes a limitation to make sure that neither patent or trademark rights are being waived by this license.
Artistic License 2.0
After review of the terms and conditions of this license, this license appears to be very similar to that at issue in the Jacobsen case discussed above. Moreover, it appears that this license makes clear that the copyright holder intends to retain some creative control over the copyrighted work overall, while still trying to ensure that the copyrighted material remains as open and available to others as possible under the circumstances.
Modified BSD
After review of the terms and conditions of this license, these terms and conditions appear to be the shortest list of terms and conditions of all of the licenses reviewed in this paper. Additionally this license appears to allow reproduction and modification of the copyrighted material provided certain conditions are met, which if subject to legal challenge, a court might construe as being subject to only protection as a contract, at best, and a bare license at worst. Moreover, based upon the legal authorities cited in this paper, it may be unclear whether this license may provide sufficient copyright protection.
Clear BSD License
After review of the terms and conditions of this license, this license appears to be very similar to the Modified BSD License, in that it is very short, and appears to allow reproduction only if certain conditions are met. This license does make clear that no patent rights are granted by this license.
TopCYBER SECURITY AND SOFTWARE ASSURANCE
As malicious intent is an issue with OSS it is important to deploy software security in the development lifecycle to ensure proper security posture (McGraw, 2004). To do this effectively while minimizing the effort for developing controls, organizations can adopt government cyber security controls from the National Institute of Standards and Technology (NIST) Special Publications (SP) 900 Series to include the Department of Defense (DoD) (Dawson Jr, Crespo, & Brewster, 2013). On April 26, 2010, the DoD released the third version of the Application Security and Development Security Technical Implementation Guide (STIG) provided by the Defense Information Systems Agency (DISA). This STIG can be used as a baseline for software configuration and development. DISA provides STIGs for other system components that can allow for full system hardening that will provide the OSS additional security through defense in depth. This process allows for Availability, Integrity, and Confidentiality (AIC) of the entire system.
In the event of a vulnerability finding within the OSS, the software code may require redesign and implementation. This iterative cycle is costly in time and resources. To truly understand security threats to a system, security must be addressed beginning with the initiation phase of the development process. For an organization this means they must allow the Information Assurance (IA) controls and requirements to drive design and influence the software requirements. Therefore, any identified security threats found during the requirements and analysis phase will drive design requirements and implementation. Security defects discovered can then be addressed at a component level before implementation. The cost of discovery and mitigation can be absorbed within the review, analysis and quality check performed during the design, and implementation of our SDLC. The resultant product is one with security built in rather than security retrofitted. Figure 1 displays the Secure-SDLC (S-SDLC) process in which OSS can be implemented into the development process. For Agile or Scrum this process must be modified to be aligned with that specific design process.
Figure 1. 
Industry standard secure software development life cycle activities
TopCONCLUSION
As indicated in the Jacobsen case, there are some very valuable benefits to open source software, in that it allows for collaboration in the development of new software and technology which can undoubtedly spur innovation and improve many processes and functions that individuals and businesses in our society rely on every day. Consequently one purpose of the law is to protect and preserve individual rights and the creativity of others while at the same time providing a benefit and contributing to society at large. How courts will interpret and protect and/or enforce open source licenses will depend greatly on how well the case can be made that this form of software and use can be beneficial and still comports with the overall interests that copyright law was intended to accomplish in the first place. As with any new development, the law will have to endeavor to ensure that it strikes a delicate balance between the good of the many and the good of the few or the individual. The use of OSS proves to be a positive and viable option with the addition of appropriate cyber security controls to mitigate risks of use in projects.
TopREFERENCES
Avison D. Fitzgerald G. (2003). Information systems development: methodologies, techniques and tools. McGraw Hill.
Brightwell, R., Riesen, R., Underwood, K., Hudson, T. B., Bridges, P., & Maccabe, A. B. (2003, December). A performance comparison of Linux and a lightweight kernel. In Proceedings of Cluster Computing, (pp. 251-258). IEEE. 10.1109/CLUSTR.2003.1253322
Brooke, J. (1996). SUS-A quick and dirty usability scale. Usability Evaluation in Industry189, 194.
Carrier, B. (2002). Open source digital forensics tools: The legal argument. Stake Research Report.
Cheeseman, H. (2013). The Legal Environment of Business and Online Commerce. Academic Press.
Cockburn A. (2002). Agile software development. Boston: Addison-Wesley.
Cockburn A. Highsmith J. (2001). Agile software development, the people factor.Computer, 34(11), 131–133. 10.1109/2.963450
Computer Associates International v. Quest Software, Inc., et al. 333 F.Supp.2d 688, 698 (N.D.Ill. 2004).
Dawson M Jr , E., Crespo, M., & Brewster, S. (. (2013). DoD cyber technology policies to secure automated information systems.International Journal of Business Continuity and Risk Management, 4(1), 1–22. 10.1504/IJBCRM.2013.053089
Dawson M. Rahim E. (2011). Transitional leadership in the defence and aerospace industry: A critical analysis for recruiting and developing talent.International Journal of Project Organisation and Management, 3(2), 164–183. 10.1504/IJPOM.2011.039819
Dawson M. E. Al Saeed I. (2012). Use of Open Source Software and Virtualization in Academia to Enhance Higher Education Everywhere.Cutting-edge Technologies in Higher Education, 6, 283–313. 10.1108/S2044-9968(2012)000006C013
German, D. M., & González-Barahona, J. M. (2009). An empirical study of the reuse of software licensed under the GNU General Public License. In Open Source Ecosystems: Diverse Communities Interacting (pp. 185-198). Springer. 10.1007/978-3-642-02032-2_17
González, Á. L., Mariscal, G., Martínez, L., & Ruiz, C. (2007). Comparative analysis of the accessibility of desktop operating systems. InUniversal Acess in Human Computer Interaction. Coping with Diversity (pp. 676-685). Springer. 10.1007/978-3-540-73279-2_75
Greenbaum E. (2013). Lisping Copyleft: A Close Reading of the Lisp LGPL.International Free and Open Source Software Law Review, 5(1), 15–30.
Jacobsen, v. Katzer, et al 535 F.3d 1373 (Fed. Cir. 2008)
Kumar, S. (2006). Enforcing the Gnu GPL. U. Ill. JL Tech. & Pol'y, 1.
Louridas P. (2006). Static code analysis.Software, IEEE, 23(4), 58–61. 10.1109/MS.2006.114
Mandrusiak L. (2010). Balancing Open Source Paradigms And Traditional Intellectual Property Models to Optimize Innovation. Maine Law Review, 63(1), 303.
McGraw G. (1999). Software assurance for security.Computer, 32(4), 103–105. 10.1109/2.755011
McGraw G. (2004). Software security.Security & Privacy, IEEE, 2(2), 80–83. 10.1109/MSECP.2004.1281254
Paul M. (2011). Official (ISC) 2 Guide to the CSSLP. CRC Press. 10.1201/b10978
Perens, B. (1999). The open source definition. In Open sources: Voices from the open source revolution, (pp. 171-85). Academic Press.
Petersen, R. (2013). Social Networking: Microblogging, IM, VoIP, and Social Desktop. In Beginning Fedora Desktop (pp. 219-227). Apress.
Planetary Motion, Inc., v. Techplosion, Inc., Michael Gay A.K.A. Michael Carson 261 F.3d 1188, 1191 (11th Cir. 2001).
Proffitt B. (2010). Introducing Fedora: Desktop Linux. Course Technology Press.
Progress Software Corporation, et al., v. Mysqlab, et al., 195 F.Supp.2d 328 (D.Mass. 2002)
Project Management Institute (PMI) . (2009). A Guide to the Project Management Body of Knowledge (4th ed.). Philadelphia: PMBOK Guide.
Rahim E. Dawson M. (2010). IT Project Management Best Practices In A Expanding Market.Journal of Information Systems Technology and Planning, 3(5), 59–65.
Rising L. Janoff N. S. (2000). The Scrum software development process for small teams.IEEE Software, 17(4), 26–32. 10.1109/52.854065
Stallman, R. (1991). GNU general public license. Free Software Foundation, Inc. Retrieved from http://www.gnu.org/licenses/licenses.html#GPL
Stallman, R. M. (2013). GNU free documentation license. Academic Press.
Stein M. (2006). Rethinking the UCITA: Lessons from the Open Source Movement.Maine Law Review, 58(1), 157.
Wideman, R. M. (2001). The Future of Project Management. AEW Services. Retrieved February 23, 2014 from http://www.maxwideman.com/papers/future/future.htm
Posted by at No comments:
Labels: , , , , , , , , , , , ,

Friday, October 17, 2014

Advances in Technology Project Management: Review of Open Source Software Integration


Advances in Technology Project Management: Review of Open Source Software Integration from Maurice Dawson

As organizations must continually drive down costs of software-driven projects, they need to evaluate the Systems Development Life Cycle (SDLC) and other software-based design methodologies. These methodologies include looking at software-based alternatives that could save a significant amount of money by reducing the amount of proprietary software. This chapter explores the use and integration of Open Source Software (OSS) in software-driven projects to include in enterprise organizations. Additionally, the legalities of the GNU General Public License (GPL), Lesser General Public License (LGPL), Berkeley Software Distribution (BSD), and Creative Commons are explored with the integration of these OSS solutions into organizations. Lastly, the chapter covers the software assurance and cyber security controls to associate with OSS to deploy a hardened product that meets the needs of today's dynamically evolving global business enterprise.
Posted by at No comments:
Labels: , , , , ,

Wednesday, January 29, 2014

Open Source Software to Help Business Students Navigate Costly Software Licensing


Posted by at No comments:
Labels: , , ,

Thursday, April 4, 2013

Published Book Chapter with Emerald Publishing [Increasing Student Engagement and Retention Using Immersive Interfaces]

Posted by at No comments:
Labels: , , , , , , , , , , ,

Thursday, December 20, 2012

Tech Linux Research Institute


Posted by at No comments:
Labels: , , , , , , , ,

Monday, October 22, 2012

Innovation in cs/it via open source software


Posted by at No comments:
Labels: , , , , ,

Monday, August 27, 2012

Linux: Then and Now

Linux: Then and Now
Posted by at No comments:
Labels: ,

Saturday, August 25, 2012

Dr. Maurice Dawson speaks about "Utilization of Open Source Software (OSS)" at the CTU July 2012 Symposium - Part 1 of 4


Dr. Maurice Dawson speaks about "Utilization of Open Source Software (OSS)" at the CTU July 2012 Symposium - Part 1 of 4 from Richard Courchesne on Vimeo.


Dr. Maurice Dawson, Assistant Professor of Management Information Systems at Alabama A&M University, speaks to a crowd of Computer Science doctoral students about "Utilization of Open Source Software (OSS)" during the Colorado Technical University July Symposium in Colorado Springs. On July 22nd 2012, Dawson shares locations of open source applications for virtualization, cloud computing, hypervisors, and penetration testing tools with the audience.
Dr. Dawson's "Innovation in CS/IT via Open Source Software" slideshow can be seen at slideshare.net/drdawson/innovation-in-csit-via-open-source-software
Posted by at No comments:
Labels: , , , , , , , ,

Thursday, February 16, 2012

ListOfOpenSourcePrograms

View LOOP at https://help.ubuntu.com/community/ListOfOpenSourcePrograms


List Of Open-source Programs (LOOP) for Microsoft Windows Operating Systems
What is the LOOP list?
  • This is a list of the best open-source applications that run on Windows. Feel free to edit this list and add any programs that meet the criteria below. The purpose of this list is to demonstrate the quality of open-source applications and advocate the open source software development model. To learn more, read the FAQ - Frequently Asked Questions.
Instructions:
  • Tell all your non-Linux friends and family about the LOOP list. On this list they will find free, high-quality replacements for the software that they have purchased/pirated. Once they become familiar with these new applications, introduce them to your favorite Linux distribution, such as Ubuntu. Then help them convert to Linux, using the same applications that they became familiar with on Windows.
Rules for adding programs to the LOOP list:
  1. Must be open-source.
  2. Must run natively on Microsoft Windows operating systems.
  3. Only include the best application for each specific purpose. In rare cases, up to three applications may be listed.
  4. Include the names of the top three proprietary applications that provide similar functionality, if known.

Desktop Applications

Communication

Engineering

Educational

Financial

Games

Productivity

Management

  • Gantt chart = GanttProject
    • Compare to: Microsoft Project
    Project management = PlannerOpenWorkbench
    • Compare to: Microsoft Project
    Report Creator = JasperReports
    • Compare to: Crystal Reports
    Analisi dei processi = APbyAS
    • Compare to Unknown
    Gestione Attività = PMbyAS
    • Compare to Microsoft Project
    Team Collaboration = Mindquarry
    • Compare to Microsoft Sharepoint
    Human Resource Management = OrangeHRM
    • Compare to PeopleSoft HCM

Misc

  • Animal Shelter Manager = Animal Shelter Manager
    • Compare to: Unknown
    Virtual PC emulator = VirtualBoxBochsQemu
    • Compare to: VMware, Microsoft Virtual PC
    Linux environment = Cygwin
    • Compare to: Microsoft Services For Unix (SFU) (formerly Interix, formerly OpenNT)
    Recipe Manager = Gourmet Recipe Manager
    • Compare to: Unknown
    Screen Saver = Really Slick Screensavers
    • Compare to: Unknown
    Language Translation tool = OmegaT
    • Compare to: Unknown
    Countdown Timer = CookTimer
    • Compare to: Unknown
    Application Launcher = Launchy
    • Compare to: Unknown
    Worship presentation = OpenLP
    • Compare to: MediaShout, SongPro

Multimedia

3D

Audio

  • Audio Composition = OpenSebJ
    • Compare to: Ableton Live
    Audio Editing = Audacity
    • Compare to: Adobe Audition
    Audio Player = CoolplayerZinfSongbird
    • Compare to: WinAMP, Windows Media Player, iTunes
    Drum Machine = Hydrogen
    • Compare to: Unknown
    MP3 Ripper = CDex
    • Compare to: Exact Audio Copy
    Piano Sampled Virtual Instrument = vScaleNotes
    • Compare to: Ivory - Grand Pianos
    Volume normalizer = MP3Gain
    • Compare to: Unknown

Drawing

  • Diagram Editor = Dia
    • Compare to: Microsoft Visio
    Image Editing = Gimp
    • Compare to: Adobe Photoshop, Corel Paint Shop, Paint.NET
    Vector Drawing = Inkscape
    • Compare to: Adobe Illustrator, CorelDRAW

Other

Video

Security

Software Development

gambas A visual development environment using a programming language similar to Visual Basic
  • Compare to: Microsoft Visual Basic

Utilities

Server Applications

Content Management

  • Enterprise Content Management = Alfresco
    • Compare to: Sharepoint, Documentum,Filenet, OpenText, Vignette, Interwoven

Database

File Server

Messaging

Security

  • Intrusion Detection System (IDS) = Snort
    • Compare to: Unknown
    VPN server = OpenVPN
    • Compare to: Cisco VPN

Web

  • Application server = JBoss
    • Compare to: BEA Weblogic, IBM Websphere
    Rich Internet Application Server = OpenLaszlo
    • Compare to: Macromedia Flex
    Statistics Generator = AWStats
    • Compare to: Unknown
    Web server = Apache
    • Compare to: Microsoft Internet Information Services (ISS)
Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)