GCN Tech Blog

By GCN Staff

Can open source survive Congress?

If the House's proposed 2009 Defense Department budget is any indication, Congress may want to see more open-source software (OSS) in defense systems.

The National Defense Authorization Act for Fiscal Year 2009 (H.R. 5658) includes language that calls for the services to consider open source software when procuring manned or unmanned aerial vehicles.

It's surprising to see a concept as technical as OSS in an actual congressional bill. But there it is. Whether it will remain in the final authorization is another question. The House's version of the bill was passed in May; this week, the Senate is debating its own version of the bill (S. 3001). When the two halves of Congress come together, will the open source language survive in the resulting authorization?

The Defense Department has traditionally been somewhat wary of OSS, at least for official duties. So some feel the language could pave the way for greater acceptance within the Defense community.

To find the OSS reference, look to section 143 of the House bill, which calls for the Secretary of Defense to set a strategy for procuring manned and unmanned vehicle systems. Among the listed objectives is "open source software code."

While the bill itself doesn't elaborate on the use of OSS, the House Armed Services Committee report accompanying the bill minces no words about the lawmakers' intentions (Warning: Link is to a nine megabyte PDF file). And while the language itself is confined only to aerial vehicles, the implications are clearly broader.

"The committee is concerned by the rising costs and decreasing security associated with software development for information technology systems. These rising costs are linked to the increasing complexity of software, which has also resulted in increasing numbers of system vulnerabilities that might be exploited by malicious hackers and potential adversaries," the report states, on page 275. "The committee encourages the Department to rely more broadly on [open-source software] and establish it as a standard for intra-Department software development."

"Obviously, we welcome the House's encouragement of open source software use in the Department of Defense," Bill Vass, president and COO of Sun Microsystems Federal Inc., told us. "It is important to note that open-source software is not risky. By placing software code outside for all the world to see, security is not an issue as any security holes will be known to the public...and fixed by a community of millions. In short, open source will allow the Defense Department to increase security, reduce costs and increase the Department's flexibility to deploy and retire customized IT solutions."

Not everyone has been pleased with how the bill calls out open-source software by name, though. Analysts at the Business Software Alliance met with members of the committee to voice their concern that the bill offers open-source software products an unfair competitive advantage over other commercial software, according to a BSA spokesperson who declined to be named.

It's worth noting, though, that the House Armed Forces Committee addresses the matter.

"The committee acknowledges the availability of proprietary software and encourages its development and acquisition as necessary and appropriate. The committee believes, however, the widespread implementation of an OSS standard will not only lead to more secure software, but will also foster broader competition by minimizing traditional constraints imposed by an overreliance on proprietary software systems," it stated.

So is OSS something that needs to be recognized by law? Or should it have to stand on its own merits entirely? Time will tell.

FCW Procurement Editor Matthew Weigelt contributed to this story.

Posted by Joab Jackson on Sep 09, 2008 at 9:39 AM


Reader Comments

Thu, Oct 2, 2008 James LaBarr PA

Open source is open source. I'd like to see more of it, but it shouldn't be controlled or placed under government eyes. It's open source, don't worry about the security risks, edit it, secure it, call it a day. http://www.pc-geek-it.com

Thu, Sep 11, 2008 Phil Burke TN

for the government to use ONLY open source applications [at least from the standpoint of making sure the data/information is always and forever available; even if the systems go away, if the bits and bytes can be processed by another system that has the applications recompiled for it the data/information is not lost].

From a security vs. malware standpoint, the various Security Enhanced (SE) distributions of Linux or similarly "locked down" BSD distributions should be the standard desktop platform in government offices to prevent the proliferation of malware, especially keyloggers and other data theft tools. In a properly configured system, infections can only get so far as the user's reach. If root privileges on all systems are limited to IT professionals that have training in the "locked down" systems and have been "indoctrinated" with the intelligence community's paranoid view of the world adapted to digital systems, then there should be very little compromise of government systems.

From the maintenance standpoint, if everything custom designed for the government is open source, then when support contractors change, there are no proprietary parts to re-write from scratch or cross-"business entity" non-disclosure agreements to execute. It should streamline and lend efficiency to system maintenance contracting. A contractor only has to know the programming language the system was written in and be certified as trusted to work with "national secrets", and not be required to be on commercially friendly terms with the original developer of the system.

Thu, Sep 11, 2008 Dave Howe N/A

They would be using the NSA issued flavour of linux already... or maybe they are, but they don't want to talk about it :)

Thu, Sep 11, 2008 tim pagden N/A

Frankly I am stunned that the use of OSS is not already the preferred method of software procurement. One would have thought that as Government agencies are paying for the software, they have every right to dictate the development methodology and clearly an army of thousands if not millions of code-verifying eyes are better than the handful that are involved in the process of proprietary code development.
