DEFENSE IT fosters open-source software development

The site is based on, a public site that hosts thousands of open-source projects.

Defense Department officials have launched a new Web site where developers can work on open-source software projects specifically for DOD, David Mihelcic, the chief technology officer for the Defense Information Systems Agency (DISA), said today.

The new site, named, is based on the public site which hosts thousands of open-source projects, Mihelcic said at an AFCEA Washington chapter lunch in Arlington, Va.

“It is really is upgraded to meet DOD security requirements,” Mihelcic said. users must use a common access card for authentication. Smart cards also help control access to sensitive information.

Work on started in October 2008, and Mihelcic approved limited operation of the site on Jan. 23, he said.

In its first week, is hosting three open-source projects, Mihelcic said. One project, named DOD Bastille, was started by a DISA intern, he said. DOD Bastille is based on publicly available software that automates the configuration of servers.

DOD Bastille integrates the specific security, technical and implementation guidelines required by DOD.

“Our intern had to stand up 50 Linux machines in a lab and he said, ‘Boy I don’t want to do this by hand; why can’t I use Bastille to do this for me?’” Mihelcic said. “He looked at Bastille and saw it couldn’t do all the things he needed, so he started an open-source project. He got folks like Red Hat to jump in and participate.”

Another project on is designed to manage request for proposals development. The third project automates the secure configuration of Solaris systems, Mihelcic said, adding that he hopes to have 20 projects on in the next six months.

“The open-source development model works for everybody,” Mihelcic said.

About the Author

Doug Beizer is a staff writer for Federal Computer Week.

Reader Comments

Mon, May 18, 2009

Being able to see DOD open source software does not reveal the specific configuration or credentials needed to access any implementation of that software. So there is no security issue. IF... The software was vulnerable to something then anybody could notice and speak up thus allowing the hole to be closed much faster than in a finite pool of developers.

Fri, Mar 6, 2009

So the department of defense wants to use software that can have it's source viewed by anyone? How does this not seem like a security issue?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group