Slashdot Mirror
MITRE Corp. Report On Open Source In Government
Jeremy Allison (of the Samba team) writes "Very interesting paper just published by MITRE corporation. (In PDF - they've learned not to use Microsoft Word. :-). Highlights: 'The main conclusion of the article was that FOSS software plays a more critical role in the DoD than has generally been recognised.'; 'Create a "Generally Recognised as Safe" FOSS list ... including Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache, Perl, GCC, GNAT, XFree86, OpenSSH, bind, and sendmail.'
'FOSS' stands for 'Free and Open-Source Software.' Looks like these people 'get it.'"
"Generally Recognised as Safe ... bind, and sendmail."
:)
I'm all for Unix server software, but BIND and Sendmail? True, they haven't been bad lately, but both of these are former poster childs for the land of remote root exploits. Yet Qmail, djbdns, and Postfix--some of the most secure software ever made, is strangely absent.
Well, it is the government. They are making progress in their own little way.
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
Banning Free and Open Source Software would remove certain types of infrastructure components (e.g., OpenBSD) that currently help support network security. It would also limit DoD access to -- and overall expertise in -- the use of powerful FOSS analysis and detection applications that hostile groups could use to help stage cyberattacks. Finally, it would remove the demonstrated ability of FOSS applications to be updated rapidly in response to new types of cyberattack. Taken together, these factors imply that banning FOSS would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security focused DoD groups to defend against cyberattacks.
Starting on page 32, theres a very nice glossary of common Free and Open Source Acronyms.
That is kind of funny because the line feeds are ^M just like what the acrobat distiller does. I would say PDF is freer than word however, because you don't have to pay money to view the document and since the purpose of this document is to be read then this particular format is best suited to enable that viewing across platforms without additional costs for the reader while maintaining the original format of the document.
I would also say anyone using PDF's for the security of them not being easily modifiable is running on assumptions that the people they are sending the files to are to stupid to figure out how to modify them to their hearts content.
Most companies when publishing in PDF format do so, not for openness but to preotect against copying or modification.
.DOC files are less secure, due to the fact that they are easy to read and modify in Windows.
.DOCs require much more work).
Ironically, you think that PDF protects against copying, because it is difficult to modify them in Windows. By the same token, you may think that
Which of course, is the opposite for any *NIX system running Ghostscript (where a PDF -> ASCII conversion is trival, but
I guess you do have to play to your users strengths and weaknesses, it just seems funny to me, somehow.
Do you have Linux and a DotPal? Click here now!
Just to add some info here. Just because an article talks about usage and approval of FOSS in the "DoD" (Department of Defense), it doesn't mean that there is signifigant usage. Remember that the DoD is comprised of some management overhead and three sub departments: Army, Navy, Air Force. While Linux may be used and even endorsed by the "DoD", it's usage is not permitted without one hell of a waiver process in the Department of the Navy. Especially under NMCI(Navy Marine Corps Intranet), Linux is not even listed as an approved legacy system, much less something EDS will agree to support.
Additonally, each branch of the service is autonomous in IT management, which means there are FOUR DIFFERENT ways of running a network with the associated FOUR sets of management overhead and of course, they aren't interoperable. This is a fairly generalized statement, but most of the systems I deal with daily in the Marine Corps are specific to us and don't work with the other services systems despite the fact that they all do the EXACT SAME THING.
So kids, the moral of the story is: Write you congressman and complain about the misuse of your tax dollars. And don't forget to tell them that free software == excuse for lower taxes == more votes for them.
I've dirtied my hands writing poetry, for the sake of seduction; that is, for the sake of a useful cause. --Dostoevsky
It seems that the right hand doesn't see what the left hand is doing. That's the USA federal government for you.
With all due respect to your example, I would rather each department of the government be allowed to implement its own solutions, at least based on my experiences working for large corporations (where the right hand often doesn't know what the right middle finger is doing). The most productive situations arise when divisions and departments are allowed to solve their own problems, rather than having some senior-level executive decided, "okay, this worked for marketing, so now everyone has to do it this way." Information sharing is important, of course, but forcing one-size-fits-all "solutions" can be counter-productive.
Michael
"No live organism can continue for long to exist sanely under conditions of absolute reality;..."
You didn't get the point. The problem this report tries to cover is not about costs but about the ability to control the software you use. And that's the what DoD is concerned about. And the report notes that DoD is damn dependent on FOSS:
The main conclusion of the analysis was that FOSS software plays a more critical role in the DoD than has generally been recognized. FOSS applications are most important in four broad areas: Infrastructure Support, Software Development, Security, and Research. One unexpected result was the degree to which Security depends on FOSS. Banning FOSS would remove certain types of infrastructure components (e.g., OpenBSD) that currently help support network security. It would also limit DoD access to and overall expertise in the use of powerful FOSS analysis and detection applications that hostile groups could use to help stage cyberattacks. Finally, it would remove the demonstrated ability of FOSS applications to be updated rapidly in response to new types of cyberattack. Taken together, these factors imply that banning FOSS would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security- focused DoD groups to defend against cyberattacks.
I don't see where your disappointment comes up. The report shows that both OSS and FreeSoftware are the major players in DoD sectors (well I would be very admired if they wouldn't). Besides, it shows that all this FUD from M$ is a national danger to the US (and I would be HIGHLY admired if it wouldn't). Apart of some gaffes the report is superb.
Time to put Redmond on the rough nations list...
The DoD is under tremendous pressure to have Microsoft blessed as the only products they use, as Microsoft has learned how to lobby and started throwing lots of money at this. The government is a huge purchaser of systems, and there are many legacy things out there. Since the past 10 years or so have brought many fresh college grads into the workforce, many of whom only know Microsoft products, there is pressure on the technical selection folks to replace with Microsoft since those precious MCSE's only know these platforms.
This report is probably an effort to build some evidence and support on why wholesale replacement of everything with off the shelf would add costs and hurt national security. Probably also explains IBM's (and others) shift to support Linux and variants over the past few years as they saw Microsoft tactics refined.
And, Microsoft's more recent license agreement language seems pointed at providing a legal reason why they need to be the only platform, since there are no technical reasons.
Sleep is for the Weak