Slashdot Mirror

← Back to Stories (view on slashdot.org)

MITRE Corp. Report On Open Source In Government

Posted by ryuzaki0 on from the who's-using-what-where-why dept.

Jeremy Allison (of the Samba team) writes "Very interesting paper just published by MITRE corporation. (In PDF - they've learned not to use Microsoft Word. :-). Highlights: 'The main conclusion of the article was that FOSS software plays a more critical role in the DoD than has generally been recognised.'; 'Create a "Generally Recognised as Safe" FOSS list ... including Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache, Perl, GCC, GNAT, XFree86, OpenSSH, bind, and sendmail.' 'FOSS' stands for 'Free and Open-Source Software.' Looks like these people 'get it.'"

6 of 279 comments (clear)

  1. PDF format freer than Word? by coupland · · Score: 5, Interesting

    A very minor and unimportant comment:

    Most companies when publishing in PDF format do so, not for openness but to preotect against copying or modification.

    For example, my company works extensively with the FDA and we publish all our standard operating procedures (SOPs) in PDF format since it's so difficult to copy. We rely not on the openess of the format but on its limitations. Not earth-shattering but I wanted to mention that PDF is not a particularly open format, despite its structures being well known.

  2. Infers that GPL means better security by AIXadmin · · Score: 5, Interesting

    In this paragraph MITRE seems to infer that GPL'ed software is some how more secure, or better able to be secured then other software.

    "For Security, use of GPL within
    groups with well-defined security boundaries should be encouraged to promote faster,
    more locally autonomous responses to cyber threats. "
    Page 3, Example 2.

    This really makes no sense to me. Especially when the majority of the software they list as "heavily used infrastrucuture tools such as "Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache, Perl, GCC, GNAT, XFree86, OpenSSH, bind, and sendmail," are a good portion of NOT licensed under the GPL. (Yes I realize some, are but the majority of that list are not.)

    Doesn't make a lot of sense. Considering most people would agree the most secure OS out there is OpenBSD.

  3. I work for the DoD.. open source rules! by Shalome · · Score: 5, Interesting

    I work for the DoD (and am lucky enough to work with MITRE folk as well), and we go for the open source solution whenever we can. Why? We're in security. We absolutely NEED to be able to hack our own code whenever necessary. We can't afford to be taken down by any sort of attack, whether it be a worm, virus, or directed attack -- and I'm not talking "afford" in the sense of a dollar amount. We also like to be able to do things like add signatures to our IDSs whenever we feel like it. We often notice and track new virus and worm activity before it "breaks." We can't wait for vendor updates.

    I've sat through meetings with vendor reps where certain office members tore the reps some new orifices. I've heard from a *major AV/Firewall company name deleted* rep "Oh, you use open source FREEWARE! Well, if you want to go with something totally insecure that has absolutely no support and you don't know exactly what the code actually does..." The rep then sat there in stunned silence as the department head launched into a detailed tirade about how every member of the office not only knew what the open source we used did, most of us could re-write it if we needed to. The rep actually blushed and admitted that if we could do that, we didn't need their product.

    Most of our offices do use Microsoft on most of the standard user desktops... but it's open source hacked-to-hell code that runs everything else around here! Well, aside from the gallons and gallons of coffee and Mountain Dew that runs the people..

    --
    Moderation totals that amuse me for one of my posts: Flamebait=1, Insightful=2, Funny=2, Overrated=1, Underrated=1
  4. Re:How much respect does MITRE command? by Shalome · · Score: 5, Interesting

    quoth the poster: How well is the MITRE Corporation regarded in general? How well are the thought of by the government in particular? How influential will their word on things be? You're kidding, right?

    On the front page of MITRE's website: MITRE is a not-for-profit national resource that provides systems engineering, research and development, and information technology support to the government. It operates federally funded research and development centers for the DOD, the FAA, and the IRS, with principal locations in Bedford, Massachusetts, and Northern Virginia.

    Trust me, they're extremely highly regarded and their analysis carries quite a bit of weight.

    --
    Moderation totals that amuse me for one of my posts: Flamebait=1, Insightful=2, Funny=2, Overrated=1, Underrated=1
  5. GNAT is part of GCC by norwoodites · · Score: 5, Interesting

    yes that is right even though the paper makes it sound like GNAT is a separate project from GCC, they are now one, GCC (GNU Compiler Collection). Their description says they are one now but I think this description was copied from each of their web sites.

    Also is not RTLinux longer consider free software, because it restricts more than the GPL due to patents?

    Also looks like they do not use csh at all which is under the BSD license. or pdksh which is in public domain, they are the default shells on OpenBSD.

    They are also missed Binutils from the GNU which is the assembler and linker for most open/free operating systems.

    Also is there not versions of sed and make and m4 and top that are under the BSD license?

    Is perl not dual licensed, GPL and artistic?

  6. Brilliant example of Microsoft by magi · · Score: 5, Interesting
    The document is an enjoyment to read. It has a few pearls which are especially enlightening. One of these is a table illustrating the actual freedoms and restrictions placed by various licences, for example GPL and a Microsoft's MIT EULA:

    Properties (a) through (e) in the table examine the ability of a license to co-exist with other types of software, e.g., the ability of FOSS licenses to co-exist with proprietary software. In this
    category, the most exclusive license is easily the Microsoft MIT EULA license 1 , which prohibits a number of FLOSS licenses from co-existing on the same platform as the EULA software. No other FLOSS or proprietary license encountered during the survey came close to this level of exclusivity. The GPL takes a very distant second place for exclusivity, since it forbids design- time incorporation of GPL source code into non-GPL source code. However, unlike the Microsoft MIT EULA, the GPL places no constraints on software simply running on the same system, and actually goes out of its way not to intrude on other licenses outside of that context."


    I didn't even know Microsoft has that restrictive license. It says here that it "Specifically bans use of: GPL, LGPL, Artistic, Perl, Mozilla, Netscape, Sun Community, and Sun Industry Standards."

    Microsoft's site shows the license. It's really true. This particular EULA seems to be for a "Microsoft Mobile Internet Toolkit Beta 2". They actually call OSS as "Potentially Viral Software" in the license.