DEFENSE IT

Forge.mil fosters open-source software development

The Forge.mil site is based on SourceForge.net, a public site that hosts thousands of open-source projects.

Defense Department officials have launched a new Web site where developers can work on open-source software projects specifically for DOD, David Mihelcic, the chief technology officer for the Defense Information Systems Agency (DISA), said today.

The new site, named Forge.mil, is based on the public site SourceForge.net which hosts thousands of open-source projects, Mihelcic said at an AFCEA Washington chapter lunch in Arlington, Va.

“It is really is SourceForge.net upgraded to meet DOD security requirements,” Mihelcic said.

Forge.mil users must use a common access card for authentication. Smart cards also help control access to sensitive information.

Work on Forge.mil started in October 2008, and Mihelcic approved limited operation of the site on Jan. 23, he said.

In its first week, Forge.mil is hosting three open-source projects, Mihelcic said. One project, named DOD Bastille, was started by a DISA intern, he said. DOD Bastille is based on publicly available software that automates the configuration of servers.

DOD Bastille integrates the specific security, technical and implementation guidelines required by DOD.

“Our intern had to stand up 50 Linux machines in a lab and he said, ‘Boy I don’t want to do this by hand; why can’t I use Bastille to do this for me?’” Mihelcic said. “He looked at Bastille and saw it couldn’t do all the things he needed, so he started an open-source project. He got folks like Red Hat to jump in and participate.”

Another project on Forge.mil is designed to manage request for proposals development. The third project automates the secure configuration of Solaris systems, Mihelcic said, adding that he hopes to have 20 projects on Forge.mil in the next six months.

“The open-source development model works for everybody,” Mihelcic said.

About the Author

Doug Beizer is a staff writer for Federal Computer Week.

Reader Comments

Mon, May 18, 2009

Being able to see DOD open source software does not reveal the specific configuration or credentials needed to access any implementation of that software. So there is no security issue. IF... The software was vulnerable to something then anybody could notice and speak up thus allowing the hole to be closed much faster than in a finite pool of developers.

Fri, Mar 6, 2009

So the department of defense wants to use software that can have it's source viewed by anyone? How does this not seem like a security issue?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above