Defense Department OK's open-source software

Policy should pave the way for other government use

The U.S. Department of Defense has issued a policy that officially authorizes the use of open-source software at the department, a move open-source pundits said opens the door to more government use of open-source software.

Open-source software within the Defense Department is acceptable as long as it complies with departmental policies for commercial and government off-the-shelf software and meets certain security standards, according to a memo outlining the policy written last week by John P. Stenbit, assistant secretary of Defense and CIO at the department.

The policy is significant and sets an important precedent, said Tony Stanco, director of the Center of Open Source & Government and associate director of the Cyber Security Policy & Research Institute at George Washington University in Washington.

"This is the first time the federal government in the U.S. has given an official policy toward open-source," he said. "The policy puts it at a level playing field with proprietary software, and that is exactly the way it should be. Open-source before wasn't discussed, and that makes people wonder if they should use it."

Stanco heralded the Pentagon policy as a victory for the open-source movement and said it's a precedent that will lead to a jump in usage of open-source software at the Defense Department and government organizations worldwide.

"Open-source has gone legitimate; the U.S. government was being lobbied very hard not to go this way by the software industry," he said. "This policy legitimizes the use of open-source right around the world."

Breaking the silence on open-source doesn't mean that the DOD is picking favorites, said Lt. Col. Ken McClellan, a Pentagon spokesman.

"This memo sets out an even-handed approach to software acquisition, and that is what it has always been [at the DOD]," he said today.

Lack of a policy hasn't held back adoption of open-source software at the Pentagon, according to a study The Mitre Corp. released early this year. In fact, the U.S. military to a large degree depends on free and open-source software for infrastructure support, software development, security and research, Bedford, Mass.-based Mitre found.

One paragraph in the short Defense Department memorandum is reserved for an explanation of open-source licensing, particularly General Public License (GPL) requirements. Under the GPL, the most prevalent open-source license, users have to make public any changes to the source code when they distribute the software. For example, Linux is licensed under the GPL.

Stenbit in his memo tells those in charge of acquiring software at the DOD to comply with all licensing requirements and "strongly" encourages them to consult a lawyer to make sure that the implications of the license are fully understood.

One expert said the GPL shouldn't be a major hurdle for the Pentagon. Confidential software code should be built on top of open-source code and not be part of the core code, circumventing the public release requirement, said Bruce Perens, an open-source advocate.

"That means that ultrasecret software should probably be a user-mode application and not be part of the kernel," he said. "Simple decisions like that need to be made when developing software."

According to Perens, the DOD considered banning GPL software, but decided against doing so because it's already widely used in the department. Furthermore, there is a clear benefit for the Defense Department to have full control over the software, he said.

Microsoft Corp., the world's largest software vendor, has faced increased competition from open-source products in markets around the world, especially in emerging countries. In a memo sent earlier this week, Microsoft CEO Steve Ballmer called noncommercial software and Linux in particular a "competitive challenge."

"IBM's endorsement of Linux has added credibility and an illusion of support and accountability, although the reality is there is no 'center of gravity,' or central body, investing in the health and growth of non-commercial software or innovating in critical areas like engineering, manageability, compatibility and security," Ballmer wrote to highlight why he thinks Microsoft's products are superior.

In a statement yesterday, Microsoft said it's "committed to working with the DOD to deliver products that meet its requirements and deliver cost-effective, value-based solutions." The company said it's "notable" that the Defense Department's policy says that people need to be aware of the software licenses they use. "Licensing terms are important but sometimes overlooked," according to Microsoft, which itself has come under fire from users over its licensing restrictions and cost.

A copy of Stenbit's memo can be found at the Center of Open Source & Government's Web site.
