The DoD: seriously openly sourcy

[Updated Feb 5 12:45pm to remove inaccurate quote about /rj.]

In Monday's IT Blogwatch, Richi Jennings watches the Defense Department launch, its own open source code repository. Not to mention "eek"...

Doug Beizer reports:

DoD logo
Defense Department officials have launched a new Web site where developers can work on open-source software projects specifically for DOD.
In its first week, is hosting three open-source projects ... DOD Bastille integrates the specific security, technical and implementation guidelines required by DOD ... Another project on is designed to manage request for proposals development. The third project automates the secure configuration of Solaris systems.

Bob Brewin stirs the mash tub: [You're fired -Ed.] (although the site has a .com domain) ... provides Defense software engineers with the environment and tools to create Defense software for engineering applications in weeks, rather than the years it usually takes, David Mihelcic, the agency's CTO, told the monthly meeting of the Washington Chapter of the Armed Forces Communications and Electronics Association.
DISA has Security Technical Implementation Guides, which can run hundreds of pages that govern server configuration. For a large server farm, manual configuration is a time-consuming and daunting task. DoD Bastille was developed by DISA intern Aaron Lippold and automates the implementation guides.

Michael W. Jones recurses:

The Department of Defense has built its repository on the same technology used by SourceForge, itself a project available on the SourceForge site. In keeping with its mission, the project has added a layer of security that does not exist in the original project ... [It] has been upgraded to meet Department of Defense standards, including the use of smartcards for system authorization.
The code ... is open for viewing by the public, even though only those that are behind the improved security can edit or contribute to the code source ... Once people start looking at the code, some will wish to contribute ... the way that civilian open source projects gain momentum. It is exceedingly nice to see our government involved in so active a way in the open source movement.

Guy Martin is involved:

I'm happy to report that after a lot of work (and a significant amount still to come), we've launched an early access version of the and collaboration capability ... It's officially categorized as LOA (limited operational availability) ... to work through the inevitable bumps in the road that come with not only the operational details of a new system, but also getting projects and users used to the notion of a more open development methodology ... it is clear we'll have to work on getting some folks up to speed on this way of project development, but ... they seem excited and energized by what this change can bring.
All in all, it was a good day.

But 1u3hr scoffs:

Okay, why the **** does the DoD call the site "" but actually host it at ""? If they can't get a real .mil site, who can? I thought it was some phishing scam. "" doesn't even resolve, let alone redirect.

To which, legirons adds, tongue-in-cheek-stylee:

You know it's the right site, because its certificate is signed by the DoD CA.

Except that CA isn't installed in any browser. And the site to download that cert is signed by the cert itself. Security by circular reasoning.

However, superid cheers:

When I was first hired as a budding DoD programmer a long time ago, one of the first things I asked is "where is our library of stuff that has been developed locally?"

I might as well have asked "where is my +3 mace?" because we didn't have that either. I'm glad this is finally happening.

And finally...

Buffer overflow:

Other Computerworld bloggers:

Like this stuff? Subscribe to the RSS feed.

Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 23 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email:

Previously in IT Blogwatch:

Copyright © 2009 IDG Communications, Inc.

Shop Tech Products at Amazon