News
Pentagon: Open Source Good To Go
- By Joab Jackson
- 10/08/2008
Military information technology folks wondering if their use of Apache, Perl,
Linux and other open source software is copacetic with the brass will soon get
some answers from the Defense Department's Office of the Chief Information Officer.
The office is preparing a memo that further clarifies how open source may be
procured and used within the services.
The memo should answer many lingering questions still surrounding open source
software, said Daniel Risacher, data strategy leader for the Office of Secretary
of Defense, who is drafting the memo. The draft might point out some potential
benefits, as well.
"Those factors that are in favor of open source have not been appreciated
to date," said Risacher, speaking at today's Red Hat Government Users
and Developers Conference in Washington. The DOD CIO office is aiming to release
the memo by early November.
From Risacher's description of the draft, the memo might reinforce the acceptability
of using open source software at DOD and other federal agencies. It might even
broaden procedures for procuring commercial software.
"Those mandates [in which] we have to consider commercial off-the-shelf
software, we have to apply that to open source software, as well," Risacher
said. "And that is not well-appreciated within government."
Risacher said he first started working on the memo last summer at the behest
of DOD Deputy CIO David Wennergren. Although widely used in federal government,
open source software, because of its unusual form of distribution, has raised
questions among regulation-minded program managers.
In 2004, the Office of Management and Budget issued a memo that called on agencies
to exercise the same procurement procedures for open source as they would for
commercial software, as outlined in OMB Circulars A-11 and A-130 and the Federal
Acquisition Regulation. And in 2003, former defense CIO John Stenbit issued
a memo that reminded military services that any open source software they use
should be held to the same levels of security and licensing accountability as
commercial software.
The new memo aims to address various questions that have arisen since those
memos.
One of the primary issues to be addressed is whether open source software is
a form of commercial software. DOD has a number of mandates that compel the
services to seek commercial software packages before commissioning custom code.
If open source counts as commercial software, it needs to be included in the
procurement process.
Risacher said "commercial" is generally defined as "software
that is for sale, lease or licensed to the public, and is available to the government,
as well." Open source fits that definition.
The memo should also dispel lingering ideas that open source software may not
be used because it is a form of shareware or freeware. A 2003 policy, entitled
"Information
Assurance Implementation" (8500.2), states that the military should
not use freeware or shareware software.
Risacher said the policy prohibits shareware and freeware because the "government
does not have access to the original source code, and there is no owner who
could make such repairs on behalf of the government." However, Risacher
argued, open source would not apply to these conditions.
The memo will also confirm that it is acceptable for an agency to contribute
source code back into a public open source project. Those actions are only acceptable,
Risacher said, if the agency has the rights to the code, releasing the code
is in the government's interest and sharing the code does not violate any other
government restrictions, such as the International Traffic in Arms Regulations.
Risacher also cautioned that government employees cannot copyright their work,
so any contributions will be in the public domain.
In addition, the memo might also articulate some of the possible advantages
of deploying open source.
When we use the term open source software, we are actually talking about three
interrelated things, Risacher explained. One is the body of code of the software
program, which, like the software itself, is freely available. Another aspect
is the development methodology, which encourages volunteer developers to help
write the code. And the third aspect of open source is the licensing, which
sets the rules for the lightly controlled creation and usage of the software.
DOD agencies could benefit from all these aspects, Risacher said. By using
open source software, the services could update their software as soon as a
vulnerability is found or an update is needed rather than wait for the vendor
to supply a patch. Open source also promises faster prototyping of systems and
lower barriers to exit. And if a government-written application is released
into open source, outside developers could work to fix the problem, lowering
maintenance costs of software.
Open source also tends to have fewer restrictions than proprietary software,
Risacher said.
"We have a lot of examples of restrictions in end user licenses that turn
out to prevent the DOD from doing things [it] wanted to do," he said. "We
find that problematic."
About the Author
Joab Jackson is the chief technology editor of Government Computing News (GCN.com).