Slashdot Mirror


ADTI Whitepaper Released

Dave Wreski writes: "This PDF article, written by Kenneth Brown of ADTI, attempts to explain that "Open source GPL use by government agencies could easily become a national security concern. Government use of software in the public domain is exceptionally risky." The paper has been taken down since this reader submitted the link -- they promise to replace it by the end of the day -- but as of right now, it's still available here. Their accompanying press release is out too. You might remember that we ran a story on this whitepaper earlier. At the time, a CNET story said that it was going to link open-source to terrorism; it does so in a glancing reference on p. 8 to the FAA and "national security." But the thrust of the paper is "GPL bad, open-source good," coincidentally Microsoft's position, as was hinted at in NewsForge's interview last week. In case they take the second copy of the paper down, we'll include some teaser quotes for you below. Update by HeUnique: The Register got some nice critique about this paper.

"Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."

Reverse engineering "harbors very close to IP infringement because and has staggering economic implications." [sic]

"On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."

"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."

"The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as: Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical? Could the FAA take the chance that these unknown programmers have not shared the source code accidentally with the wrong parties? Would the FAA's decision to use software in the public domain invite computer 'hackers' more readily than proprietary products?"

8 of 560 comments (clear)

  1. Just in case... by Pig+Hogger · Score: 5, Informative

    here is my mirror of the "old" report, safely out of the reach of the DMCIA...

  2. Re:ADTI Whitepaper Released by Taurine · Score: 3, Informative

    There is a big distinction between the GPL and the BSD-style licenses. The GPL is all about making sure that people who use GPL licensed code release their new code under the GPL too. The intention is to create more GPLed code. The BSD license is about propagating quality code. The idea is that if you think your code is a good implementation of something, you release it under the BSD, which allows anyone to use it in their own applications without being restricted in how they license their own code at all. A BSD coder doesn't care what use their code is put to or who profits from it, they just want it to be used. That's a pretty big difference :-)

  3. A study supporting Open Source in the Military by Anonymous Coward · Score: 5, Informative

    This paper was prepared as part of The MITRE Corporation's FY00 Mission-Oriented Investigation and Experimentation (MOIE) research project "Open Source Software in Military Systems." This paper analyzes the business case of open source software. It is intended to help Program Managers evaluate whether open source software and development methodologies are applicable to their technology programs. In the Executive Summary, the paper explains open source, describes its significance, compares open source to traditional commercial off-the-shelf (COTS) products, presents the military business case, shows the applicability of Linux to the military business case, analyzes the use of Linux, discusses anomalies, and provides considerations for military Program Managers. The paper also provides a history of Unix and Linux, presents a business case model, and analyzes the commercial business case of Linux.

    Here

  4. These idiots aren't from the FAA by BranMan · Score: 4, Informative

    The FAA has incredibly strict requirements for software critical to keeping a plane in the air. Open Source or not, every single line must be proven to do exactly what it needs to, and the entire system must be deterministic (meet real-time requirements, such as knowing the maximum latency for interrupt processing). The FAA itself should be giving these jokers an earful - this is pure FUD.

  5. Re:Question by tempest303 · Score: 5, Informative

    Wish I had kept my old sig...

    "Don't like the 'viral' nature of the GPL? Try this: WRITE YOUR OWN CODE"

    If a business doesn't want to give away their code, they shouldn't weave in GPL source to begin with. If they do so, it's their OWN damn fault, not the GPL's.

    Secondly, I still fail to see how this has anything to do with security. Open source is open source - whether released BSD/MIT style or GPL, it's STILL "open to hackers", which I thought was the point of the whole "risk" of Open Source security in the first place.

  6. Most Restrictive Licenses by pjrc · Score: 4, Informative

    Obviously they've never actually read any of those proprietary EULA's before they clicked ok.

    The GPL is one of the most uniquely restrictive product agreements in the technology industry.

    And, Yes, they have clicked ok to proprietary licenses much more restrictive than the GPL. These lines appear within their PDF file:

    /Producer (Acrobat Distiller 4.0 for Windows)
    /Author (default)
    /Creator (ADOBEPS4.DRV Version 4.24)
    /Title (Microsoft Word - sullivan.doc)

    This simple fact can be easily verified with a command such as "strings old_opensource_whitepaper.pdf | grep ^/"
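Added example, not from the thread or the poster: a small Python parser that pulls the same /Key (string) entries out of an uncompressed PDF that the strings | grep pipeline above surfaces, but handles PDF literal-string escapes properly. It runs on a constructed sample whose values mirror the quoted lines, and is the kind of check worth running on your own documents before publishing them, since /Producer and /Creator reveal the authoring toolchain.

```python
"""Extract the /Key (string) metadata a PDF's producer leaves behind."""
import re

# Constructed sample: a minimal PDF-like byte string with an /Info object.
# The metadata values mirror the lines quoted in the comment above; the
# /Subject line is added to exercise escaped parentheses and backslashes.
SAMPLE_PDF = (
    b"%PDF-1.3\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"3 0 obj\n<<\n"
    b"/Producer (Acrobat Distiller 4.0 for Windows)\n"
    b"/Author (default)\n"
    b"/Creator (ADOBEPS4.DRV Version 4.24)\n"
    b"/Title (Microsoft Word - sullivan.doc)\n"
    b"/Subject (draft \\(v2\\) \\\\ final)\n"
    b">>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 3 0 R >>\n%%EOF\n"
)

# /Name followed by a literal string. The body allows backslash escapes,
# so an escaped ')' inside the value does not terminate the match early.
_ENTRY = re.compile(rb"/([A-Za-z]+)\s*\(((?:\\.|[^()\\])*)\)", re.DOTALL)
_ESCAPE = {b"n": b"\n", b"r": b"\r", b"t": b"\t",
           b"(": b"(", b")": b")", b"\\": b"\\"}


def unescape(body: bytes) -> str:
    """Resolve PDF literal-string backslash escapes (subset: no octal)."""
    out = re.sub(rb"\\(.)", lambda m: _ESCAPE.get(m.group(1), m.group(1)), body)
    return out.decode("latin-1")


def pdf_info_strings(data: bytes) -> dict:
    """Return {key: value} for every /Key (string) pair in the file.

    Scans the whole file rather than resolving the trailer's /Info
    reference, so it also catches metadata left in other objects. It does
    not decode compressed object streams (PDF 1.5+), where such entries
    would be invisible to `strings` as well.
    """
    return {k.decode("ascii"): unescape(v) for k, v in _ENTRY.findall(data)}


if __name__ == "__main__":
    for key, value in pdf_info_strings(SAMPLE_PDF).items():
        print(f"/{key}: {value}")
```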

  7. Who is Andre Carter of Irimi Corporation? by cOdEgUru · Score: 5, Informative

    Of course this guy is funded under the table by Gates and his minions.

    I googled for Andre Carter of Irimi Corpn whose comments Mr. Kenneth (or whatever frickin name he has) values more than anything else and this is what I found:

    One pro-Microsoft observer credited Gates with being precise and helpful. "His testimony has been soaked with real-world examples, [and it shows] he understands the ramifications of how the states [want to affect his business]," said E. Andre Carter, CEO of Irimi, a Washington-based mobile and wireless consultancy, who also works for the pro-Microsoft lobbying group Americans for Technology Leadership.
    BINGO!

    When idiots like these make money by lying through their teeth, spread FUD and otherwise confuse the idiots who make decisions in the Senate and everywhere else, this industry, this country and the world we live in has such a fucked up future.

  8. Re:5000 hours vs 100 hours by jonabbey · Score: 3, Informative

    first of all, if the 100 hours is GPLd, then the GPL isn't 'arguing' anything -- the rest *is* GPLd, according to the GPL.

    People make this mistake all the time, but it is a mistake. If someone includes some GPL'ed work into a larger work, the larger work is not magically licensed under the GPL. (Nor, for that matter, is the copyright of the larger work magically made the property of the FSF). Instead, what becomes true is that the ensemble work cannot be legally distributed without violating the terms of the (GPL) license for the 100 hours.

    In this eventuality, what would happen would be that the copyright holder for that 100 hours of labor would sue the infringer, and in the best of all worlds, the infringer would be obligated through an injunction to cease distribution of the offending code. If the copyright holder for the 100 hours was willing, some monetary arrangement might be reached in return for an alternate license for the 100 hours of code.

    The problematic case is where the 100 hours of code was written by five coders spread over the planet, and nobody bothered to track who had copyright over what piece of the code. In that instance, all five coders should agree to the relicensing. If one of the coders does not agree to the relicensing, then the problem of how to clean up the 5000+100 hours of code devolves into one of cleaning up the 100 hours of code.

    There is nothing in the GPL that forces anyone to license code under the GPL, no matter how Microsoft may wish to construe it.