Hi Mark - I work for the Army in Information Assurance and although much of the armed forces are still a bit slow to work with open source, the NSA has been very active in certifying and securing open source systems. For example, they maintain what they call "Security Enhance" Linux (selinux) and work with several apache projects. I suggest contacting the nsa research folks:
http://www.nsa.gov/selinux/ sterling > Alls, > > I am part of a team in the US Department of State charged with > transforming our technical infrastructure from mainframe-centric COBOL > and Micro$oft ASP apps to Linux-based portals and Web services using > open source. Besides the political hassle with vested interests in the > legacy infrastructure, we have Security and the Change Control Board > refusing to even consider open source unless we can show that it is > being used successfully in other branches of the Federal government, > including the military. > > If anybody can share such non-classified projects and/or sites, or a > contact (especially for classified projects) I can call to discuss same, > I would sure appreciate it! > > tia, > Mark > > Mark Galbreath, Sr. Technical Consultant > Project REACH > US Department of State > IRM/OPS/SIO/APD > SA-15/200 > 703-875-4006 > > THIS MESSAGE IS NOT CLASSIFIED.
