The U.S. military is no laggard when it comes to open-source software adoption, but apparently thinks it can do better. The U.S. Department of Defense on Tuesday issued new guidelines designed to remove roadblocks to open-source adoption, arguing that open source can help the Defense Department "anticipate new threats and respond to continuously changing requirements."
And to think open-source software like Linux used to be considered a threat to secure Defense Department systems.
While Department of Defense CIO David Wennergren's revised guidance (PDF) is not intended to create new policy, it does provide clarity that suggests open source is very welcome at the Defense Department.
Apparently, the Defense Department's guidance on open source, issued in 2003, wasn't resulting in as much uptake as the CIO desired.
Hence, the new guidance specifies that open-source software meets internal purchasing requirements for "commercial computer software," and as such gets statutory preference in purchasing decisions, just like software from Oracle, Microsoft, or others.
But the guidance goes beyond neutrality to suggest reasons that open-source software might be better than such alternatives, including:
- The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team.
- The unrestricted ability to modify software source code enables the Department to respond more rapidly to changing situations, missions, and future threats.
- Reliance on a particular software developer or vendor due to proprietary restrictions may be reduced by the use of OSS, which can be operated and maintained by multiple vendors, thus reducing barriers to entry and exit....
- Since OSS typically does not have a per-seat licensing cost, it can provide a cost advantage in situations where many copies of the software may be required, and can mitigate risk of cost growth due to licensing in situations where the total number of users may not be known in advance...
- OSS is particularly suitable for rapid prototyping and experimentation, where the ability to "test drive" the software with minimal costs and administrative delays can be important.
Ultimately, the Defense Department CIO leaves it to individuals to determine which software best meets Defense Department requirements in a given scenario, but the memo hardly reads like neutral guidance. This is consistent with a wise policy of preferences, not mandates, for open source.
It's also an indication of much more Defense Department open-source adoption to come.
(As an aside, special thanks to John Scott for alerting me to this news, and for his work with the Defense Department to help this happen.)
The dam holding back U.S. federal adoption of open source just burst with the introduction of the Defense Department's Forge.mil.
Forge.mil is an open-source project repository built in the image of SourceForge.net, Federal Computer Week reported Friday.
Despite being based on SourceForge's technology, Forge.mil has one significant difference: security. As David Mihelcic, chief technology officer for the Defense Information Systems Agency, told Federal Computer Week, the Department of Defense's code repository has been "upgraded to meet DOD security requirements," with smart cards used to provide log-in credentials.
There are only three open-source projects hosted at Forge.mil so far, and it's initially restricted to the Defense Department's technology community, but I suspect this number will soon increase as various federal agencies discover it and ask to collaborate on code through it. It's also a new way for vendors to participate in Defense Department projects, as Mihelcic noted about one project, which is designed to automate server configuration:
"Our intern had to stand up 50 Linux machines in a lab and he said, 'Boy I don't want to do this by hand; why can't I use Bastille to do this for me?'" Mihelcic said. "He looked at Bastille and saw it couldn't do all the things he needed, so he started an open-source project. He got folks like Red Hat to jump in and participate."
All of the code is open for public view, though only those with the right Defense Department credentials can edit or contribute to the projects. As the public sees the code, however, it's almost certain to lead to individuals wanting to contribute to the code.
The Defense Department, which has been pushing hard to get involved in open source for some time as a consumer, is now involved as a developer. In just a few years, open source has gone from being "risky" to one of the best ways to mitigate risk.
Editor's note: The code is actually based on CollabNet's SourceForge Enterprise code, not the SourceForge.net code base. CollabNet enables Forge.mil.
Follow me on Twitter at mjasay.
As I listened to David Mihelcic, CTO with the U.S. Defense Information Systems Agency, talk about the benefits of open source on Federal News Radio's presentation of "Open Source Solutions - 2 Years In Review," I couldn't help but be impressed with just how far open source has come in the past decade.
When I first got involved with open source back in 1998, it was perceived as risky (Rampant fear of the GPL and other open-source licenses), not secure (How can community development take care to lock out the bad guys?), and niche. In 2008, however, the CTO of a powerful agency within the U.S. Department of Defense boldly declares open source's superiority as a development model:
Open source brings to us the ability to have collaborative and agile development environments....Additionally, open source benefits the Department of Defense through...simplified licensing...and security....Security through obscurity just doesn't work.
And while Microsoft has paid for research that counterbalances the apparent rise of open source in U.S. defense agencies, it's hard to argue with the facts. The Pentagon is preparing guidelines to shepherd more open source into U.S. defense. Various U.S. defense agencies have gone on the record in support of open source. The U.S. Department of Defense has even sponsored an open source conference.
It's happening. Mihelcic's comments referenced above are just one more indication that the world's most demanding, mission-critical defense systems will increasingly run open source. For you Americans, if your country trusts your physical security to open source, isn't it time to trust your business' security to open source?
Given the widespread adoption of open-source software within the US federal government, including the US Department of Defense, it's perhaps not surprising that the regulation-heavy federal government is finally getting around to issuing guidelines for open-source adoption within the US Department of Defense:
One of the primary issues to be addressed is if open source software is a form of commercial off-the-shelf software (COTS)....The memo should also dispel lingering ideas that open source software may not be used because it is a form of shareware or freeware....The memo will also confirm that it is acceptable for an agency to contribute source code back into a public open source project....In addition to defining the relationship open source has with COTS, shareware and copyright, the memo may also articulate some of the possible advantages of deploying open source.
What a profoundly important step forward for the US federal government, and for corporate open-source adoption more broadly. A range of software vendors like IBM and HP have policies as to employee contributions to open-source projects, for example, but in this case we have a major organization defining the parameters in which its employees can contribute to open source.
Will this be contagious? Let's hope so, because it could help to bring a massive flood of open-source software into the industry, given that most enterprise software is written for use by enterprises, not for sale by vendors.
In the narrowest sense, however, this memo potentially portends the proliferation of open-source adoption within the US Department of Defense on a grand scale.
It's a bit surprising that we're barely into the real commercial potential of open source, and yet it's so widely adopted already. The next few years promise to offer open source hugely explosive growth.
Take this news from the US Department of Defense's intelligence community, which was recently gifted Ball Aerospace & Technologies' Opticks software as open source. Open source is widely used throughout enterprises. Now governments and military increasingly depend upon it:
Opticks is used by scientists and analysts within the Department of Defense Intelligence Community to analyze remote sensing data and produce actionable intelligence. Opticks supports Imagery, Motion Imagery, Synthetic Aperture Radar (SAR), and multi-spectral and hyper-spectral remote sensing data. Ball Aerospace expects Opticks to increase the demand for remote sensing data and broaden the features available in existing remote sensing software.





