Slashdot Mirror

← Back to Stories (view on slashdot.org)

ADTI Whitepaper Released

Posted by jamie on from the this-story-edited-in-mozilla-on-mac-os-x dept.

Dave Wreski Writes: "This PDF article, written by Kenneth Brown of ADTI, attempts to explain that "Open source GPL use by government agencies could easily become a nation security concern. Government use of software in the public domain is exceptionally risky." The paper has been taken down since this reader submitted the link -- they promise to replace it by the end of the day -- but as of right now, it's still available here. Their accompanying press release is out too. You might remember that we ran a story on this whitepaper earlier. At the time, a CNET story said that it was going to link open-source to terrorism; it does so in a glancing reference on p. 8 to the FAA and "national security." But the thrust of the paper is "GPL bad, open-source good," coincidentally Microsoft's position, as was hinted-at in NewsForge's interview last week. In case they take the second copy of the paper down, we'll include some teaser quotes for you below. Update by HeUnique:The Register got some nice critique about this paper.

"Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."

Reverse engineering "harbors very close to IP infringement because and has staggering economic implications." [sic]

"On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."

"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."

"The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as: Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical? Could the FAA take the chance that these unknown programmers have not shared the source code accidentally with the wrong parties? Would the FAA's decision to use software in the public domain invite computer 'hackers' more readily than proprietary products?"

6 of 560 comments (clear)

  1. Just in case... by Pig+Hogger · · Score: 5, Informative

    here is my mirror of the "old" report, safely out of the reach of the DMCIA...

  2. A study supporting Open Source in the Military by Anonymous Coward · · Score: 5, Informative

    This paper was prepared as part of The MITRE Corporation?s FY00 Mission-Oriented Investigation and Experimentation (MOIE) research project "Open Source Software in Military Systems.. This paper analyzes the business case of open source software. It is intended to help Program Managers evaluate whether open source software and development methodologies are applicable to their technology programs. In the Executive Summary, the paper explains open source, describes its significance, compares open source to traditional commercial off-the-shelf (COTS) products, presents the military business case, shows the applicability of Linux to the military business case, analyzes the use of Linux, discusses anomalies, and provides considerations for military Program Managers. The paper also provides a history of Unix and Linux, presents a business case model, and analyzes the commercial business case of Linux.

    Here

  3. These idiots aren't from the FAA by BranMan · · Score: 4, Informative

    The FAA has incredibly strict requirements for software critical to keeping a plane in the air. Open Source or not, every single line must be proven to do exactly what it needs to, and the entire system must be deterministic (meet real-time requirements, such as knowing the maximum latency for interrupt processing). The FAA itself should be giving these jokers an earful - this is pure FUD.

  4. Re:Question by tempest303 · · Score: 5, Informative

    Wish I had kept my old sig...

    "Don't like the 'viral' nature of the GPL? Try this: WRITE YOUR OWN CODE"

    If a business doesn't want to give away their code, they shouldn't weave in GPL source to begin with. If they do so, it's their OWN damn fault, not the GPL's.

    Secondly, I still fail to see how this has anything to do with security. Open source is open source - whether released BSD/MIT style or GPL, it's STILL "open to hackers", which I thought was the point of the whole "risk" of Open Source security in the first place.

    --
    The Free desktop that Just Works
  5. Most Restrictive Licenses by pjrc · · Score: 4, Informative
    Obviously they've never actually read any of those proprietary EULA's before they clicked ok.

    The GPL is one of the most uniquely restrictive product agreements in the technology industry.

    And, Yes, they have clicked ok to proprietary licenses much more restrictive than the GPL. These lines appear within their PDF file:

    /Producer (Acrobat Distiller 4.0 for Windows)
    /Author (default)
    /Creator (ADOBEPS4.DRV Version 4.24)
    /Title (Microsoft Word - sullivan.doc)

    This simple fact can be easily verified with a command such as "stringsold_opensource_whitepaper.pdf| grep^/"

    --
    PJRC: Electronic Projects, 8051 Microcontroller Tools
  6. Who is Andre Carter of Irimi Corporation ? by cOdEgUru · · Score: 5, Informative

    Ofcourse this guy is funded under the table by Gates and his minions.

    I googled for Andre Carter of Irimi Corpn whose comments Mr. Kenneth (or whatever frickin name he has) values more than anything else and this is what I found :

    One pro-Microsoft observer credited Gates with being precise and helpful. "His testimony has been soaked with real-world examples, [and it shows] he understands the ramifications of how the states [want to affect his business]," said E. Andre Carter, CEO of Irimi, a Washington-based mobile and wireless consultancy, who also works for the pro-Microsoft lobbying group Americans for Technology Leadership.

    BINGO!

    When idiots like these make money by lying through their teeth, spread FUD and otherwise confuse the idiots who make decisions in the Senate and everywhere else, this industry, this country and the world we live in has such a fucked up future.

    --
    Rapid Nirvana