Pentagon: Open source good to go

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Joab Jackson
 

Connecting state and local government leaders

By Joab Jackson

|

Military IT folks wondering whether their use of Apache, Perl, Linux and other open-source software is copacetic with the brass will soon get some answers from DOD's CIO.

Related Links

Army surveils for unauthorized software

Army looks for common IT ground

GCN Defense IT news index

Military IT folks wondering if their use of Apache, Perl, Linux
and other open source software is copacetic with the brass will
soon get some answers from the Defense Department's Office of the
Chief Information Officer.


The office is preparing a memorandum that further clarifies how
open source may be procured and used within the services.


The memo should answer many lingering questions still
surrounding the open source, said Daniel Risacher, the data
strategy leader for the Office of Secretary of Defense who is
drafting the memo. The draft may point out some potential benefits
as well.


"Those factors that are in favor of open source have not been
appreciated to date," said Risacher, speaking at the Red Hat
Government Users and Developers conference, being held today. The
DOD CIO office is aiming to release the memo by early November.


From Risacher's description of the draft, the memo may reinforce
the acceptability of using open source software within the Defense
Department, as well as for other federal agencies. It may even
broaden procedures for procuring commercial software.


"Those mandates [in which] we have to consider commercial
off-the-shelf software, we have to apply that to open source
software as well," Risacher said. "And that is not well appreciated
within government."


Risacher said that he first started working on the memo last
summer at the behest of the Defense Deputy CIO, David Wennergren.
Although widely used in federal government, open source software,
due to its unusual form of distribution, has raised questions among
regulation-minded program managers.


In 2004, the Office of Management and Budget, issued a
memorandum, M-04-16, that called on agencies to exercise the same
procurement procedures for open source as they would for commercial
software, as per guidelines set in OMB Circulars A-11 and A-130 and
the Federal Acquisition Regulation policies. And in 2003,
then-defense CIO John Stenbit issued memo reminding services that
any open source software they use should be held to the same levels
of security and licensing accountability as commercial
software.


The new memo aims to address various questions that have arisen
since these memos.


One of the primary issues to be addressed is if open source
software is a form of commercial off-the-shelf software (COTS). The
Defense Department has a number of mandates that compel the
services to seek COTS software packages before commissioning custom
code. If open source is COTS, then it needs to be included in the
procurement process.


It is, Risacher confirmed. Risacher notes that COTS is generally
defined as "software that is for sale, lease or licensed to the
public, and is available to the government as well." Open source
fits under this definition.


The memo should also dispel lingering ideas that open source
software may not be used because it is a form of shareware or
freeware. A 2003 policy, titled InformationAssurance Implementation (8500.2) states that the military
should not use "freeware" or "shareware" software.


Risacher noted that the policy stated shareware and freeware
should not be used because the "government does not have access to
the original source code and there is no owner who could make such
repairs on behalf of the Government," as the policy states.
Obviously, Risacher argued, open source would not apply to these
conditions.


The memo will also confirm that it is acceptable for an agency
to contribute source code back into a public open source project.
It is acceptable, Risacher qualified, assuming the agency has the
rights to the code, that releasing the code is in the government's
interest and that sharing the code does not violate any other
government restrictions, such as the International Traffic in Arms
Regulations (ITAR). Risacher also cautioned that government
employees may not copyright any work that they do, so any
contributions will be in the public domain.


In addition to defining the relationship open source has with
COTS, shareware and copyright, the memo may also articulate some of
the possible advantages of deploying open source.


When we use the term "open source software," we are actually
talking about three inter-related things, Risacher explained. One
is the body of code of the software program, which, like the
software itself, is freely available. Another aspect is the
development methodology, which encourages volunteer developers to
help write the code. And the third aspect of open source is the
licensing, which sets the rules for the lightly-controlled creation
and usage of the software.


Defense agencies could benefit from all these aspects, Risacher
said. By using open-source software, the services can update their
software as soon as a vulnerability is found or an update is
needed, rather than wait for the vendor to supply a patch. Open
source also promises faster prototyping of systems, and lower
barriers to exit. And if a government-written application is
released into open source, outside developers could work to fix the
problem, lowering maintenance costs of software.


Open source also tends to have fewer restrictions than
proprietary software, Risacher said.


"We have a lot of examples of restrictions in end user licenses
that turn out to prevent the DOD from doing things [it] wanted to
do," he said. "We find that problematic."



NEXT STORY: Solid Security: JumpDrive Solo Vault

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.