NASA turns to the open source community for advice: Interview with Ray O'Brien, Chief Technology Officer for Information Technology at NASA Ames Research Center
Security is not the biggest challenge for NASA entering the world of open source, according to Ray O'Brien of NASA's Ames Research Center.
NASA’s drive toward open source software (yes, you read that right) is showing up in the NASA-cofounded OpenStack open source development community and in NASA’s open source software summit outreaches to the open source community. Managing Editor Sharon Hess recently caught up with Ray O’Brien, CTO for IT at NASA Ames Research Center, who talks about what’s behind NASA’s drive toward open source – and whether there are any resultant security concerns. Edited excerpts follow.
We received a press release saying that NASA held an open-to-the-public software summit earlier this year. Which types of open source software is NASA using – and for which programs?
Any other NASA open source software?
O’BRIEN: OpenStack – ], which has grown rapidly and just turned a year old; it’s a really good example of a public/private partnership. Other than a standard contributor’s agreement, there is no formal development commitment on the part of OpenStack community members. We just all came together to fill a gap. Anyone in the world can run [the code], or they can enhance it and NASA may also run [the code].
There’s also the open source NASA World Wind application, based on Java. It’s a geospatial application that provides a way for users to “tour” various portions of the Earth .
Why was it based in Java?
O’BRIEN: That’s just the language they selected. It goes back to why do people use open source, really. I think [developers for] every project look at the best option to address a particular requirement. Certainly, with open source, there are savings on license costs, or sometimes it’s the open source feature set, road map for future feature sets, or emphasis of the development community involved.
Something I hear frequently is, “I can actually look at the source code and I can see how something is working. And if I need to, I can actually change something to suit my needs.” And sometimes if you need a feature, a vendor may commit to providing it in the future, but possibly not within a timeframe that works for you. So open source provides another option that may be the best for meeting certain requirements.
Is this reaching out to the private sector by NASA something new?
O’BRIEN: Actually NASA frequently partners with industry and other public and private entities. The twist on this is that open source community development is something in which NASA has not participated in the past. And Nebula [and the OpenStack community] have helped to break new ground there for NASA. The NASA Open Government team is working at the agency level with the appropriate stakeholders to develop the policy that will allow agency participation in open source community development to occur on a broader scale.
Does this OpenStack open source development community work like a standards development organization then?
O’BRIEN: Yeah, but it’s more than that. They don’t just talk about standards – they talk about standards, but then they create code that actually might end up becoming a standard – through adoption, not just because someone said it is a standard. Within the community, developers work on different projects, but every 4 to 6 months, they will get together at a “design summit” to plan the next release. The next design summit is October 5-7 in Boston. OpenStack members include major companies like Intel, HP, Dell, and Citrix.
Can any company join?
O’BRIEN: Yeah, any company can join, any individual can join; you can be a citizen of any country and join. So that’s the beauty of the community development model – that no one cares where good ideas come from.
If absolutely anyone can join OpenStack, do you worry about security, since the software is to be used by NASA, after all?
O’BRIEN: Yeah. We worry about security all the time. But one of the nice things about open source is you can actually see how the code is constructed. You can scrutinize it to make sure it meets your security requirements. That’s frequently not possible with proprietary software where you don’t get the source code. And the other advantage is with the community looking at the source code, you have a much greater chance of spotting flaws in security. So, it kind of turns the argument around.
That’s true, but since OpenStack and therefore Nebula are based on commonly known, open source software, would OpenStack code be more vulnerable to hacking?
O’BRIEN: Open source community development produces logic for many capabilities, but entities like NASA actually implement the open source solution themselves. Because we’re in charge of implementation details and have access to the source code, we can understand how a security mechanism is coded and we can make sure we implement it correctly, so that simply having access to code does not give you a way to breach security.
What has the OpenStack development community achieved so far?
O’BRIEN: The growth of the community has been phenomenal, and it has rolled out three releases in a year. [OpenStack] is being adopted now for service delivery in public and private cloud services. NASA, through the Nebula project, is very proud to be an active member of the OpenStack development community.
How many open source community development projects is NASA involved with right now?
O’BRIEN: Except Nebula [and its involvement with OpenStack as a cofounder and active community member], NASA does not participate in open source community development. Nebula has the only waiver to do that right now.
OK. So, when did NASA’s drive toward more open source begin?
O’BRIEN: A lot of it coalesced around March when we held our open source summit at the Ames Research Center – which brought together 700 people both inside and outside NASA – to discuss the open source community and how those [practices] might apply to NASA.
What did NASA gain from the summit?
O’BRIEN: Many speakers outside the government told us their views of open source, and a broader NASA community heard the benefits of open source. We used many different tools to collect the input and ended up with about 66 proposed solutions for NASA consideration, plus many views and comments on those solutions.
What were the common themes at the summit?
O’BRIEN: The number one thing we learned from non-NASA entities is that the world doesn’t need another open source software license. NASA has its own open source license today, and we’re advised it will be a hindrance rather than a help in getting people to join open source projects involving NASA. NASA was really innovative in 2003 and developed the NASA Open Source Agreement [NOSA] license, which really allowed us to get through some government barriers and release open source products. But NOSA has become more of a barrier than an incentive for people to participate with NASA in open source community development projects. So we need to embrace the other open systems licenses out there. The NASA Open Government team has been looking at those licenses and will be working with the appropriate agency organizations to get them approved for use by NASA.
Is licensing the biggest issue in NASA going more “open source” then, or what’s the main technical problem or challenge?
O’BRIEN: You can break the major issues into policy, culture, and technology.
Regarding policy and open source community development, both licensing and the need to revise the current NASA review process for software release are the big issues.
From a culture standpoint, we need to encourage people within NASA to see open source as a legitimate way to address certain requirements. Everything doesn’t have to be open source, but not everything needs to be proprietary either.
From a technology standpoint, we’re pretty cutting-edge at NASA in a lot of software development. So it’s just a matter of giving people permission to pursue open source community development. There are a lot of projects that want to do what Nebula did, but for whatever reason, they’ve never gone down the path or they’ve not been allowed to.
Who at NASA is doing open source software then?
O’BRIEN: All of the centers have released open source software, some more than others. Ames Research Center is probably the leader in releasing NASA open source, and Goddard releases a lot.
What’s the next step in regard to open source for NASA?
O’BRIEN: One thing we’re trying to do is develop one common website to list all NASA open source software at the agency level, so there’s one directory, one repository. Right now Ames has its own open source Web page [ ], listing their registered open source projects.
We’re also trying to update our policy internally so that open source community development is easier to pursue. And we’re trying to bring the open source community within NASA together to share best practices.
Not only that, NASA is really interested in working with citizens on accomplishing its mission. So if people have ideas for open source development that NASA can work with them on, they should submit their ideas at. We read every submission, and we’re really excited about open source because it’s such a great way to engage the American public.
NASA Ames Research Center 650-604-6875 www.nasa.gov