Open-source software gets nod from DOD

Open-source software proponents last month cheered a memorandum from Defense Department CIO John P. Stenbit, freeing DOD agencies to use open-source software under certain conditions.

The memo said open-source software, like off-the-shelf software, must meet the security and validation requirements in National Security Telecommunications and Information Systems Security Policy Number 11 and other DOD configuration guidelines.

The memo cited the Linux operating system as an example of software licensed under the GNU General Public License, which imposes the same conditions on modified versions as on the original code. The GNU license is one of the more common open-source licensing agreements.

Already in use at DOD

Stenbit's memo followed a report by Mitre Corp. of Bedford, Mass. The report used responses to an e-mail survey, which located 115 open-source applications within DOD and 251 examples of their use.

Open-source software 'plays a more critical role in DOD than has generally been recognized,' the Mitre study concluded.

'We realized there was a lot of open-source being used in the department, and we wanted to make sure it meets the requirements,' said Robert Gorrie, deputy director of the Defense Information Assurance Program.

Tony Stanco, associate director of the Cyber Security Policy and Research Institute at George Washington University, called the memo 'a huge deal' because it is the first time DOD has said it won't give preference to proprietary software.

Linux is in use for various DOD projects, even weapons systems, but cautious agencies have waited for official clearance.

'You don't have to do it in the shadows anymore,' Stanco said.

Open-source advocate Chris DiBona, who worked at the State Department in the mid-1990s during the early days of Linux, said the official imprimatur makes things easier.

'One thing government people really hate to do is go against the rules,' said DiBona, now marketing vice president at Damage Studios Inc. of San Francisco.

Many open-source apps run in mixed environments, DiBona said, for example, Apache Web Server freeware under Microsoft Windows 2000 or the open-source gcc compiler under Sun Solaris.

Stenbit's memo recognizes what open-source advocate Chris DiBona called the 'fact of life' that IT shops in the department cannot get along without at least some open-source apps.

The Center for Open Source and Government, which Stanco also heads, is coordinating efforts to get Linux certified under the international Common Criteria security evaluation program recognized by the National Institute of Standards and Technology.

Stanco posted an Adobe Portable Document Format copy of Stenbit's memo at www.egovos.org.
