Slashdot Mirror


ADTI Whitepaper Released

Dave Wreski writes: "This PDF article, written by Kenneth Brown of ADTI, attempts to explain that "Open source GPL use by government agencies could easily become a national security concern. Government use of software in the public domain is exceptionally risky." The paper has been taken down since this reader submitted the link -- they promise to replace it by the end of the day -- but as of right now, it's still available here. Their accompanying press release is out too. You might remember that we ran a story on this whitepaper earlier. At the time, a CNET story said that it was going to link open-source to terrorism; it does so in a glancing reference on p. 8 to the FAA and "national security." But the thrust of the paper is "GPL bad, open-source good," coincidentally Microsoft's position, as was hinted at in NewsForge's interview last week. In case they take the second copy of the paper down, we'll include some teaser quotes for you below. Update by HeUnique: The Register got some nice critique about this paper.

"Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."

Reverse engineering "harbors very close to IP infringement because and has staggering economic implications." [sic]

"On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."

"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."

"The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as: Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical? Could the FAA take the chance that these unknown programmers have not shared the source code accidentally with the wrong parties? Would the FAA's decision to use software in the public domain invite computer 'hackers' more readily than proprietary products?"

7 of 560 comments

  1. Question by KingKire64 · Score: 0, Troll

    I'm going to get shot down big time on this... but don't they have a point? There are just things that the GPL is just not a good idea for. Sure it's fine for the Office Suite they use, but it does have some security issues.


    You can mod me down now.

    --
    "All I can tell the "lesser of two evils" folks is that if they keep voting for evil, they'll keep getting evil."-Lp.org
    1. Re:Question by tempest303 · Score: 2, Troll

      While I don't agree with the position, I can understand the argument that ANY Open Source program is risky security-wise because all those "evil hackers" have access to the source, etc.

      This trol^H^H^H^Harticle is special because it seems to think that Open Source is ok for security, but the GPL specifically is not. How exactly the GPL is any better for SECURITY than the BSD license, etc, is the question. (Hint: there is no fucking difference. ;)

    2. Re:Question by Stonehand · Score: 1, Troll

      Hint: there is a pretty huge difference.

      If, for instance, one writes a security-critical product for external distribution, such as a server involved in e-commerce, and involves even a little bit of GPL code, the source for the entire server must be made freely distributable. With BSD, there is no such obligation. Having the source combined with a potentially large economic (in this case) incentive would likely accelerate any efforts at compromise.

      --
      Only the dead have seen the end of war.
  2. Slashdot by oyenstikker · Score: 0, Troll

    Minor Kernel Version Releases for Nerds. FUD that matters.

    --
    The masses are the crack whores of religion.
  3. Re:The perfect job! by Gizzmonic · Score: 0, Troll

    So, anyone who disparages the use of open source software is a "troll"? That makes it pretty easy to ignore things you might not want to hear, doesn't it?

    --
    (-1, Raw and Uncut is the only way to read)
  4. Don't Get Facts Get In The Way of FUD by ArtDent · Score: 2, Troll
    Let's play count the errors!
    ...Software's locked state is also described as its "executable" format. Executable software is commonly sold in stores and available commercially. Executable software accompanies binary code also known as machine code.

    What exactly was the difference again between executable software and binary code?

    ...The GPL is one of the most uniquely restrictive product agreements in the technology industry. As expected, the controversy of the GPL is rooted in the language of its license.

    All proprietary licenses that I've ever seen place restrictions on how a user may use the software. The GPL contains no such restrictions. The GPL only restricts the way in which he can redistribute a modified version of the software, an activity expressly prohibited by proprietary licenses. Simply put, any claim that the GPL is more restrictive than proprietary licenses is laughably incorrect.

    ...In 1989, Stallman decided that the open source community should be more organized and founded the Free Software Foundation (FSF). FSF and Stallman evolved the open source discussion into an advocacy group, promoting the idea that all software should be free.

    According to the Open Source Initiative, "the 'open source' label itself came out of a strategy session held on February 3rd 1998," in reaction to "Netscape's announcements that it planned to give away the source of its browser." The term's purpose was "to dump the confrontational attitude that has been associated with 'free software' in the past and sell the idea strictly on the same pragmatic, business-case grounds that motivated Netscape." The attempt to paint the FSF as a radical offshoot of the open source movement is completely without factual basis.

    FSF became well known for its position of free software as well as its radical ideas to end patents on inventions.

    The FSF has expressed no position on the patenting of inventions, in general, but only on the patenting of software.

    Jim Clark, the founder of computer maker Silicon Graphics and expert on UNIX standards, founded Netscape, and set out to compete directly with the public domain product Mosaic.

    According to the NCSA's Procedures for Licensing NCSA Mosaic, "the software is not public domain, freeware or shareware." But then, we already knew that...

    ...Mosaic was an open source product and could be downloaded for free by individuals and companies wishing to use the Internet for internal communications. Through a commercial partner, Spyglass, NCSA began widely licensing Mosaic to computer companies including IBM, DEC, AT&T, and NEC.

    If it required a commercial partner to do this licensing, then clearly it wasn't even open source (as the term came to mean, when it was coined five years later), much less in the public domain!

    At this point, I get tired of counting. This paper allegedly "details the complex issues surrounding open source," but fails to demonstrate even the most basic understanding of the term itself, competing licensing models, or the technology involved. It is, quite simply, not worthy of any serious consideration.

  5. They are Microsoft-funded by g4dget · Score: 2, Troll
    Take a look at this Wired article:
    A Microsoft spokesman confirmed that Microsoft provides funding to the Alexis de Tocqueville Institution.

    Statements like these, from the paper, are also pure rhetoric:

    "Before the Pentagon and other federal agencies make uninformed decisions to alter the very foundation of computer security, they should study the potential consequences carefully."

    What it comes down to is that a group of people with a pompous name, a conservative ax to grind, with funding from Microsoft, and with few security-related credentials put out a paper saying that the government shouldn't use open source and linking open source to terrorism in some underhanded way. What a surprise. The conservatives in this country have been using fear of terrorism to push a pro-corporate and anti-democratic agenda since 9/11.