Open-source software gets nod from DOD

Open-source software proponents last month cheered a memorandum from Defense Department CIO John P. Stenbit, freeing DOD agencies to use open-source software under certain conditions.

The memo said open-source software, like off-the-shelf software, must meet the security and validation requirements in National Security Telecommunications and Information Systems Security Policy Number 11 and other DOD configuration guidelines.

The memo cited the Linux operating system as an example of software licensed under the GNU General Public License, which imposes the same conditions on modified versions as on the original code. The GNU license is one of the more common open-source licensing agreements.

Already in use at DOD

Stenbit's memo followed a report by Mitre Corp. of Bedford, Mass. The report used responses to an e-mail survey, which located 115 open-source applications within DOD and 251 examples of their use.

Open-source software 'plays a more critical role in DOD than has generally been recognized,' the Mitre study concluded.

'We realized there was a lot of open-source being used in the department, and we wanted to make sure it meets the requirements,' said Robert Gorrie, deputy director of the Defense Information Assurance Program.

Tony Stanco, associate director of the Cyber Security Policy and Research Institute at George Washington University, called the memo 'a huge deal' because it is the first time DOD has said it won't give preference to proprietary software.

Linux is in use for various DOD projects, even weapons systems, but cautious agencies have waited for official clearance.

'You don't have to do it in the shadows anymore,' Stanco said.

Open-source advocate Chris DiBona, who worked at the State Department in the mid-1990s during the early days of Linux, said the official imprimatur makes things easier.

'One thing government people really hate to do is go against the rules,' said DiBona, now marketing vice president at Damage Studios Inc. of San Francisco.

Many open-source apps run in mixed environments, DiBona said'for example, Apache Web Server freeware under Microsoft Windows 2000 or the open-source gcc compiler under Sun Solaris.

Stenbit's memo recognizes what open-source advocate Chris DiBona called the 'fact of life' that IT shops in the department cannot get along without at least some open-source apps.

The Center for Open Source and Government, which Stanco also heads, is coordinating efforts to get Linux certified under the international Common Criteria security evaluation program recognized by the National Institute of Standards and Technology.

Stanco posted an Adobe Portable Document Format copy of Stenbit's memo, at


  • Pierce County

    CARES dashboard ensures county spending delivers results

    The CARES Act Funding Outcomes Dashboard helps Pierce County, Wash., monitor funding and key performance indicators for public health emergency response, economic stabilization and recovery, community response and resilience, and essential government services.

  • smart city challenge

    AI-based traffic management improves mobility, saves fuel, cuts pollution

    Researchers are developing a dynamic feedback traffic signal control system that reduces corridor-level fuel consumption by 20% while maintaining a safe and efficient transportation environment.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.