September 10, 2008 7:07 AM PDT

Defense Dept. committee has open-source leaning

by Matt Asay

As Government Computer News reports, the U.S. Department of Defense has singled out open source in the National Defense Authorization Act for Fiscal Year 2009 (H.R. 5658). The gist? The Defense Department sees open source as a way to cut costs and boost security, and it wants more of it.

While open source has attained legislative approbation in Latin America and elsewhere, this is the first time I can remember seeing it in a Congressional bill.

Currently, the open-source language is focused on aerial vehicles, but it's instructive all the same:

The committee is concerned by the rising costs and decreasing security associated with software development for information technology systems. These rising costs are linked to the increasing complexity of software, which has also resulted in increasing numbers of system vulnerabilities that might be exploited by malicious hackers and potential adversaries. The committee encourages the department to rely more broadly on (open-source software) and establish it as a standard for intra-department software development.

If you're an open-source project lead or commercial vendor, this language is a step in the right direction. If you're a proprietary-software vendor, well, perhaps you side with the Business Software Alliance (funded by Microsoft and others), which has been lobbying hard against the bill.

I don't personally feel that open source needs to be legislated to be adopted. Indeed, I'm aware of widespread adoption of open source within the Department of Defense already, commercial and otherwise. Perhaps this legislative action will accelerate adoption further, but again, I'm not sure that open source needs any assistance here. The cream has a way of rising to the top, and open source keeps rising.

Perhaps someone needs to introduce a bill to handicap open source's rise in order to help out those starving proprietary vendors? :-)

Matt Asay brings a decade of in-the-trenches open-source business and legal experience to The Open Road, with an emphasis on emerging open-source business strategies and opportunities. Matt is vice president of business development at Alfresco, a company that develops open-source software for content management. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure. You can follow Matt on Twitter @mjasay.
by Miark01 September 10, 2008 7:37 AM PDT
I'm a huge open source fan, but I agree that Congress should not legislate what to use. Their goal should be to make these departments more _accountable_ for expenditures and computer security. Then, other departments would follow the DoD's lead and move to OSS.
by jtlevin September 10, 2008 10:34 AM PDT
Yeah, open source is WAAAYYYYY more secure...

http://secunia.com/advisories/search/?search=red+hat

And that's just Red Hat. Give me a break. Most software is insecure whether it is open source or proprietary.
by The_Decider September 10, 2008 6:04 PM PDT
That is waaaaay better than XP.

All software has flaws. That doesn't make it all equally flawed.
by mbenedict September 10, 2008 11:18 AM PDT
Open source security is a huge myth. Just look at how many persistent security flaws we've had (and continue to have) with projects like sendmail, bind or even apache http.

Last year there were fewer vulnerabilities in Outlook than in Mozilla's mail reader (Thunderbird). I mean, come on, how can a product be *less* secure than Outlook, right? Just proves Open Source means nothing when it comes to security.

As a security architect I'm sorry to say that most software developers today (whether open or closed source) have no idea about basic application security, and much less about broader security issues.

Ironically today Microsoft is one of the very few companies that "get" security, mandating a Secure SDLC. More companies and open source projects need to adopt processes such as security code reviews, security testing, employee rotation, third-party audits, etc.
by The_Decider September 10, 2008 6:06 PM PDT
I seriously doubt that TB had more flaws than Outlook, but even if it did, all flaws are not equal.

The vast majority of OSS flaws get fixed before they are exploited. Most proprietary (notably MS) don't.
by pagan189 January 22, 2009 3:12 PM PST
Interesting and to the point I must say I agree with you ... however can I ask you what OS you feel the safest on... with me it's Linux ....
by wmyinzer September 12, 2008 9:18 AM PDT
"Open Source Software" is an idiom by itself. COME ON MATT, ADMIT IT! YOU SHOULD KNOW BETTER!

Proprietary code is usually more secure, and it doesn't take a computer programmer to know that. I agree with Miark01 on one thing: they shouldn't be worrying about security, but accountability.
by January 22, 2009 2:32 PM PST
> "I don't personally feel that open source needs to be legislated to be adopted"

It does need help, because right now, open source as well as "free" software is prohibited by policy of most Services within the DOD.

However, I don't think they need to make it mandatory as much as just get rid of the policies prohibiting it (as well as about 90% of the rest of the DOD's IT policies, which are mostly outdated and asinine).