News

Pentagon: Open Source Good To Go

Military information technology folks wondering if their use of Apache, Perl, Linux and other open source software is copacetic with the brass will soon get some answers from the Defense Department's Office of the Chief Information Officer.

The office is preparing a memo that further clarifies how open source may be procured and used within the services.

The memo should answer many lingering questions still surrounding open source software, said Daniel Risacher, data strategy leader for the Office of Secretary of Defense, who is drafting the memo. The draft might point out some potential benefits, as well.

"Those factors that are in favor of open source have not been appreciated to date," said Risacher, speaking at today's Red Hat Government Users and Developers Conference in Washington. The DOD CIO office is aiming to release the memo by early November.

From Risacher's description of the draft, the memo might reinforce the acceptability of using open source software at DOD and other federal agencies. It might even broaden procedures for procuring commercial software.

"Those mandates [in which] we have to consider commercial off-the-shelf software, we have to apply that to open source software, as well," Risacher said. "And that is not well-appreciated within government."

Risacher said he first started working on the memo last summer at the behest of DOD Deputy CIO David Wennergren. Although widely used in federal government, open source software, because of its unusual form of distribution, has raised questions among regulation-minded program managers.

In 2004, the Office of Management and Budget issued a memo that called on agencies to exercise the same procurement procedures for open source as they would for commercial software, as outlined in OMB Circulars A-11 and A-130 and the Federal Acquisition Regulation. And in 2003, former defense CIO John Stenbit issued a memo that reminded military services that any open source software they use should be held to the same levels of security and licensing accountability as commercial software.

The new memo aims to address various questions that have arisen since those memos.

One of the primary issues to be addressed is whether open source software is a form of commercial software. DOD has a number of mandates that compel the services to seek commercial software packages before commissioning custom code. If open source counts as commercial software, it needs to be included in the procurement process.

Risacher said "commercial" is generally defined as "software that is for sale, lease or licensed to the public, and is available to the government, as well." Open source fits that definition.

The memo should also dispel lingering ideas that open source software may not be used because it is a form of shareware or freeware. A 2003 policy, entitled "Information Assurance Implementation" (8500.2), states that the military should not use freeware or shareware software.

Risacher said the policy prohibits shareware and freeware because the "government does not have access to the original source code, and there is no owner who could make such repairs on behalf of the government." However, Risacher argued, open source would not apply to these conditions.

The memo will also confirm that it is acceptable for an agency to contribute source code back into a public open source project. Those actions are only acceptable, Risacher said, if the agency has the rights to the code, releasing the code is in the government's interest and sharing the code does not violate any other government restrictions, such as the International Traffic in Arms Regulations. Risacher also cautioned that government employees cannot copyright their work, so any contributions will be in the public domain.

In addition, the memo might also articulate some of the possible advantages of deploying open source.

When we use the term open source software, we are actually talking about three interrelated things, Risacher explained. One is the body of code of the software program, which, like the software itself, is freely available. Another aspect is the development methodology, which encourages volunteer developers to help write the code. And the third aspect of open source is the licensing, which sets the rules for the lightly controlled creation and usage of the software.

DOD agencies could benefit from all these aspects, Risacher said. By using open source software, the services could update their software as soon as a vulnerability is found or an update is needed rather than wait for the vendor to supply a patch. Open source also promises faster prototyping of systems and lower barriers to exit. And if a government-written application is released into open source, outside developers could work to fix the problem, lowering maintenance costs of software.

Open source also tends to have fewer restrictions than proprietary software, Risacher said.

"We have a lot of examples of restrictions in end user licenses that turn out to prevent the DOD from doing things [it] wanted to do," he said. "We find that problematic."

About the Author

Joab Jackson is the chief technology editor of Government Computing News (GCN.com).