RealTime IT News

CSI: Open Source

While "CSI" is well known in popular culture thanks to the "CSI: Crime Scene Investigation" TV shows, the former head of the Open Source Development Labs (OSDL) is pushing a different use of the acronym.

Stuart Cohen's CSI is the Collaborative Software Initiative, an organization he started after the Linux Foundation absorbed the OSDL a year ago.

"I wanted to focus on broadening the scope of the organization," Cohen told InternetNews.com. "They chose to focus on the operating system only."

Cohen's CSI is all about applying the open source model to software development in general and not just Linux. It's an idea that originated with the OSDL Customer Advisory Council, whose members had been bombarded with various government regulations and were looking for a way to develop an open source project around compliance and regulatory issues.

A year ago after the OSDL became part of The Linux Foundation, Cohen left and set up shop as CSI. The goal of CSI is to help companies and organizations develop software using open source. In return, the companies save time and money on their projects.

The first project for CSI was an effort for the Financial Services Roundtable's BITS working group, whose members includes the largest financial services companies in the United States.

Cohen explained that a U.S. government regulation requires banks to assess, score and certify that vendors they use for outsourcing and which have access to confidential information are secure.

For the most part, he noted that the banks were using Excel spreadsheets for the initial part of the assessment. The spreadsheets could have thousands of cells in them to address all the questions the financial services firms need to answer. The inherent problem with a spreadsheet approach is that it is difficult to manage and offers limited multiuser capabilities.

"So what we are working on with them is an open source project called RegQ, which stands for regulatory questionnaire," Cohen said.

RegQ is an XML schema developed using an open source stack that provides the banks with a machine-readable substitute for tracking compliance using a spreadsheet.

The RegQ project is only part of a larger equation, though, for financial institutions as well as other software developers. Cohen explained that RegQ fits into a bigger operational risk-management system that banks may be using.

"Ours is just the front-end, data-gathering tool to get information into the databases," Cohen said.

Cohen estimated that a typical operational risk-management system will cost $3 million to $4 million, including implementation. For the front end CSI is building, a software vendor could charge $800,000 or so to develop it.

According to Cohen, because a group of companies are coming together to build and fund the application in an open source approach, the cost could be limited to $100,000 to $200,000.

He said IBM, HP, Novell and Intel, all members of the CSI advisory council, are interested in working with the group on commodity or industry standardization. This collaboration could create a software platform for customization, he added.

While CSI's first effort is in the financial services sector, Cohen sees a broad appeal for his approach. He said he expects CSI's second project, which will be announced in the coming weeks, to show just how broad the applicability of the approach can be.

Cohen did not elaborate on the particulars of the second effort.

"Compliance and regulatory issues are a real focus area, but it's truly a diagonal that goes across industries," he said.