Slashdot Mirror


MITRE Corp. Report On Open Source In Government

Jeremy Allison (of the Samba team) writes "Very interesting paper just published by MITRE corporation. (In PDF - they've learned not to use Microsoft Word. :-). Highlights: 'The main conclusion of the article was that FOSS software plays a more critical role in the DoD than has generally been recognised.'; 'Create a "Generally Recognised as Safe" FOSS list ... including Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache, Perl, GCC, GNAT, XFree86, OpenSSH, bind, and sendmail.' 'FOSS' stands for 'Free and Open-Source Software.' Looks like these people 'get it.'"

9 of 279 comments

  1. woohoo by nicoau · · Score: -1, Offtopic

    while everyone is reading it i'll sneak the first post. exactly...

  2. Well.... by Anonymous Coward · · Score: -1, Offtopic

    Early post!

  3. Sad day ... Stephen King dead by Anonymous Coward · · Score: -1, Offtopic



    I just heard some sad news on talk radio - Horror/Sci Fi writer Stephen King was found dead in his Maine home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly an American icon.

  4. Re:Rock on. by kpansky · · Score: 0, Offtopic

    Your link is wrong... for Halloween fun go to here. :)

    --

    --Kevin
  5. Sad day - Timothy dead at 54 by Anonymous Coward · · Score: -1, Offtopic


    I just heard some sad news on talk radio - Slashdot editor Timothy was found dead in his Maine home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to geek culture. Truly an American icon.

  6. mirror incase the comments get slashdotted by Anonymous Coward · · Score: -1, Offtopic

    Yeah whatever (Score:-1, Troll)
    by Anonymous Coward on Tuesday October 29, @01:11AM (#4553792)
    GIANTS lost. Motherfuckers!

    Cool (Score:-1, Troll)
    by Anonymous Coward on Tuesday October 29, @01:12AM (#4553793)
    cool

    woohoo (Score:-1, Offtopic)
    by nicoau on Tuesday October 29, @01:13AM (#4553797)
    (User #469827 Info)
    while everyone is reading it i'll sneak the first post. exactly...

    Generally Recognised as Safe. (Score:5, Insightful)
    by Sivar (sivar AT email DOT com) on Tuesday October 29, @01:13AM (#4553798)
    (User #316343 Info)
    "Generally Recognised as Safe ... bind, and sendmail."

    I'm all for Unix server software, but BIND and Sendmail? True, they haven't been bad lately, but both of these are former poster children for the land of remote root exploits. Yet Qmail, djbdns, and Postfix--some of the most secure software ever made--are strangely absent.
    Well, it is the government. They are making progress in their own little way. :)

    Re:Generally Recognised as Safe. (Score:5, Informative)
    by Sivar (sivar AT email DOT com) on Tuesday October 29, @01:17AM (#4553814)
    (User #316343 Info)
    Correction: Upon further inspection, Qmail is graciously listed, though the others seem to still be absent (unless I can't search properly).

    "Qmail is a FOSS replacement for Sendmail, the
    program that transfers emails between computers
    on the Internet. Qmail has improved security,
    reliability, and performance features."

    Yep, that pretty much sums it up. I'm impressed. :)
    o Re:Generally Recognised as Safe. Tuesday October 29, @01:26AM
    * Re:Generally Recognised as Safe. by GreatDave (Score:2) Tuesday October 29, @01:24AM
    * djbdns is a joke, as is qmail by Anonymous Coward (Score:-1) Tuesday October 29, @01:43AM

    AL GORE IS YOUR PRESIDENT!!! DO SOMETHING!! (Score:-1)
    by perthstyle on Tuesday October 29, @01:14AM (#4553802)
    (User #567666 Info)
    Stupid american people.

    Well.... (Score:-1, Offtopic)
    by Anonymous Coward on Tuesday October 29, @01:14AM (#4553803)
    Early post!

    Rock on. (Score:2)
    by LoudMusic on Tuesday October 29, @01:15AM (#4553805)
    (User #199347 Info | http://www.bigassfileserver.com/)
    Nice to see some of our tax dollars not going to waste on over-priced under-powered software.

    I suppose this means there will be more job openings for geeks in government positions. Get out your resumes guys and gals ...

    * Re:Rock on. by Sivar (Score:2) Tuesday October 29, @01:21AM
    * Re:Rock on. by Anonymous Cowrad (Score:1) Tuesday October 29, @01:26AM
    * Re:Rock on. by kpansky (Score:1) Tuesday October 29, @01:41AM

    About time. (Score:3, Interesting)
    by carlmenezes on Tuesday October 29, @01:17AM (#4553812)
    (User #204187 Info | http://members.tripod.com/carl_menezes | Last Journal: Friday October 25, @01:28AM)
    About time somebody did something like this. I mean, to the average Joe, the advantages of FOSS are obvious. But the DoD need documents, papers...anything written. It's similar to businesses WANTING to pay for software and therefore keeping away from FOSS.

    I guess everyone was waiting for somebody to basically do a "study" or write a paper that could be quoted or "fallen back upon" if you will.

    Then again, this report is about the fact that FOSS already plays a more critical role. My point is, it's high time somebody came out and recognised the fact. Great job on the paper.

    PDF format freer than Word? (Score:5, Interesting)
    by coupland (dchase@ho t m a il.com) on Tuesday October 29, @01:17AM (#4553813)
    (User #160334 Info | http://www.whengeeksattack.org/)

    A very minor and unimportant comment:

    Most companies when publishing in PDF format do so, not for openness but to protect against copying or modification.

    For example, my company works extensively with the FDA and we publish all our standard operating procedures (SOPs) in PDF format since it's so difficult to copy. We rely not on the openness of the format but on its limitations. Not earth-shattering but I wanted to mention that PDF is not a particularly open format, despite its structures being well known.

    * Re:PDF format freer than Word? by pauldy (Score:2) Tuesday October 29, @01:43AM
    * Re:PDF format freer than Word? by JordoCrouse (Score:1) Tuesday October 29, @01:43AM

    Sad day ... Stephen King dead (Score:-1, Offtopic)
    by Anonymous Coward on Tuesday October 29, @01:18AM (#4553819)

    I just heard some sad news on talk radio - Horror/Sci Fi writer Stephen King was found dead in his Maine home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly an American icon.

    "Generally Recognised as Safe" Reference (Score:3, Informative)
    by gmanske on Tuesday October 29, @01:19AM (#4553823)
    (User #312125 Info | http://slashdot.org/)
    If like me, you were wondering what the "Generally Recognised as Safe" reference was referring to, here's an excerpt of the executive summary of the report.

    This list would provide quick official recognition of FOSS (Free and Open-Source Software) applications that are:

    (a) commercially supported
    (b) widely used and
    (c) have proven track records of security and reliability (eg. as measured by speed of closures of CERT reports in comparison to closed-source alternatives)

    Gmanske.

    This is a pleasant surprise... (Score:1)
    by GreatDave on Tuesday October 29, @01:20AM (#4553825)
    (User #620927 Info)
    While the Navy has its much-farted-upon attempt to build Win2k-powered "Smart Ships", the NSA has been developing SELinux (Security Enhanced Linux), their homebrew kernel.

    It seems that the right hand doesn't see what the left hand is doing. That's the USA federal government for you. However, based on the existence of the "safe" FOSS list, perhaps the DoD is rethinking their investments in eN Tee. I sure hope so, for the sake of national security. Meh.

    Infers that GPL means better security (Score:4, Interesting)
    by AIXadmin on Tuesday October 29, @01:20AM (#4553831)
    (User #10544 Info | http://slashdot.org/)
    In this paragraph MITRE seems to infer that GPL'ed software is somehow more secure, or better able to be secured than other software.

    "For Security, use of GPL within
    groups with well-defined security boundaries should be encouraged to promote faster,
    more locally autonomous responses to cyber threats. "
    Page 3, Example 2.

    This really makes no sense to me. Especially when the majority of the software they list as "heavily used infrastructure tools such as "Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache, Perl, GCC, GNAT, XFree86, OpenSSH, bind, and sendmail," are a good portion of NOT licensed under the GPL. (Yes, I realize some are, but the majority of that list are not.)

    Doesn't make a lot of sense. Considering most people would agree the most secure OS out there is OpenBSD.

    * Re:Infers that GPL means better security by FreeUser (Score:2) Tuesday October 29, @01:35AM
    * OpenBSD Security Really? Tuesday October 29, @01:47AM

    Excerpt (Score:3, Interesting)
    by willpost on Tuesday October 29, @01:21AM (#4553833)
    (User #449227 Info)
    Banning Free and Open Source Software would remove certain types of infrastructure components (e.g., OpenBSD) that currently help support network security. It would also limit DoD access to -- and overall expertise in -- the use of powerful FOSS analysis and detection applications that hostile groups could use to help stage cyberattacks. Finally, it would remove the demonstrated ability of FOSS applications to be updated rapidly in response to new types of cyberattack. Taken together, these factors imply that banning FOSS would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security focused DoD groups to defend against cyberattacks.

    Starting on page 32, there's a very nice glossary of common Free and Open Source Acronyms.

    PDF? (Score:2, Troll)
    by GoatPigSheep on Tuesday October 29, @01:24AM (#4553839)
    (User #525460 Info | Last Journal: Tuesday October 15, @02:58PM)
    "In PDF - they've learned not to use Microsoft Word"

    and it's a darn shame...
    I hate it when documents are in a format that requires me to download a 10 meg viewer program to view in windows, while you can open up any old word file in wordpad (which comes with windows). It's nice to inconvenience 90% of computer users. PDF files also tend to be huge compared to .doc files, so it's slower to download too!

    * Re:PDF? by Charles Dodgeson (Score:1) Tuesday October 29, @01:38AM
    o Re:PDF? by GoatPigSheep (Score:1) Tuesday October 29, @01:46AM
    * Re:PDF? Tuesday October 29, @01:42AM
    o Re:PDF? Tuesday October 29, @01:43AM
    + Re:PDF? Tuesday October 29, @01:45AM
    + Re:PDF? by failrate (Score:1) Tuesday October 29, @01:48AM

    Slashdot Troll FAQ version 1.01 (Score:-1, Troll)
    by Anonymous Coward on Tuesday October 29, @01:29AM (#4553851)
    So, you've always wanted to be a troll? Good choice. Trolling slashdot is a fun hobby. Let's deal with the basics first:

    1. What is trolling?

    Trolling is the art of pissing off people with too much free time, namely moderators. It's a highly amusing sport. A successful troll can cause tons of havoc.

    2. Sounds good. How do I troll?

    The best trolls are somewhat subtle. For instance, post "linux sucks!" and you will be immediately modded down. A smart troll might post

    "Linux on the desktop is simply not an option right now. It's simply too hard to use. Forget what the typical microsoft hating linux zealot says - the truth is linux is not a viable alternative".

    The above post is longer, and not a blatant troll. While it will piss off the typical long haired hippie it might even be modded up as insightful!

    3. Hmm. Can you give me any tips on my first troll?

    Certainly. Don't post typical troll phrases such as "Imagine a beowulf cluster of these!" or include a link to goats.cx. These are far too obvious, and will be modded down without comment. Likewise, whilst getting first post is fun, don't say fp! I suggest using a little imagination, such as setting up a free redirector (like cjb.net) to point to goats.cx. Try and make the site relevant to the story, such as "Joe MIT hacker making his XOR gate out of water is pretty cool, but it's been done before here *put link to logic.cjb.net, which points to goats.cx, here*". Most moderators are lazy and won't click the link. Chances are you will be modded up as insightful.

    4. Any other dirty tricks?

    Sure, there's plenty. Whenever anyone includes a link, follow up and say 'Don't click here! it's a goats.cx link!' this will earn you karma whilst getting the sucker modded down. Another one: When the site featured in the story gets slashdotted, claim you have a mirror. Give the IP address of goats.cx as the mirror.

    5. What should I avoid doing?

    Please *don't* post stuff involving disturbing sexual experiences of comments. We don't want to hear about what you did with a dog last week, nor what michael (the editor) does with 5 pounds of ice and a shovel. Not only is it sick but you give all trolls a bad name. Also, speaking in l337 makes you look like a teenage acne scarred moron. Finally, think carefully before you troll. You are trying to cause havoc. This will not happen if you are modded down within 30 seconds of posting. Be subtle.

    Have fun, and remember: trolling is an honorable sport.


    * DONT CLICK HERE! Tuesday October 29, @01:38AM

    Wait...another term? (Score:3, Funny)
    by Rhinobird on Tuesday October 29, @01:29AM (#4553852)
    (User #151521 Info)
    Isn't anybody gonna mention that RMS is going to say that FOSS should really be referred to as Dental/FOSS?

    Open source Sucks ass (Score:-1, Troll)
    by windows is 1337 on Tuesday October 29, @01:32AM (#4553860)
    (User #621322 Info)
    Who cares about open source in Government? I want my tax dollars going to Bill Gates instead of some backholed scriptkiddie free linucks bullshit just waiting to get xp10i73d.

    PDF? (Score:2, Insightful)
    by intermodal (severnaya AT moscowmail DOT com) on Tuesday October 29, @01:33AM (#4553861)
    (User #534361 Info | http://slashdot.org/)
    whatever happened to good old ASCII or ISO text files? nothing says cross-platform than an ISO format

    I work for the DoD.. open source rules! (Score:5, Insightful)
    by Shalome on Tuesday October 29, @01:36AM (#4553871)
    (User #566988 Info | http://www.opentechsupport.net/)
    I work for the DoD (and am lucky enough to work with MITRE folk as well), and we go for the open source solution whenever we can. Why? We're in security. We absolutely NEED to be able to hack our own code whenever necessary. We can't afford to be taken down by any sort of attack, whether it be a worm, virus, or directed attack -- and I'm not talking "afford" in the sense of a dollar amount. We also like to be able to do things like add signatures to our IDSs whenever we feel like it. We often notice and track new virus and worm activity before it "breaks." We can't wait for vendor updates.

    I've sat through meetings with vendor reps where certain office members tore the reps some new orifices. I've heard from a *major AV/Firewall company name deleted* rep "Oh, you use open source FREEWARE! Well, if you want to go with something totally insecure that has absolutely no support and you don't know exactly what the code actually does..." The rep then sat there in stunned silence as the department head launched into a detailed tirade about how every member of the office not only knew what the open source we used did, most of us could re-write it if we needed to. The rep actually blushed and admitted that if we could do that, we didn't need their product.

    Most of our offices do use Microsoft on most of the standard user desktops... but it's open source hacked-to-hell code that runs everything else around here! Well, aside from the gallons and gallons of coffee and Mountain Dew that runs the people..

    PDF (Score:1, Insightful)
    by Anonymous Coward on Tuesday October 29, @01:40AM (#4553878)
    If they wanted the paper to be in an open format, and still be able to preserve formatting, why not use HTML?

    Hey Timothy... (Score:-1, Flamebait)
    by Anonymous Coward on Tuesday October 29, @01:40AM (#4553879)
    ...You're a Jerk!

    No surprise (Score:1)
    by e5z8652 on Tuesday October 29, @01:45AM (#4553898)
    (User #528912 Info | http://slashdot.org/)
    I've always wondered about the supposed lack of "FOSS" at DoD. Aside from SE Linux, there are other quite public acknowledgements of support for open source software. From the back of the OpenBSD 3.1 CD case:

    "This effort sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Material Command, USAF, under agreement number F30602-01-2-0537"

    Kind of a big hint that someone somewhere in DoD thinks highly of OpenBSD.

    Of course, this support may have since been reduced or eliminated due to the same pressure that the NSA faced with SE Linux.

    Communists (Score:0)
    by Anonymous Coward on Tuesday October 29, @01:45AM (#4553899)
    Commies shouldn't be allowed to work for the DoD.

    Sad day - Timothy dead at 54 (Score:0)
    by Anonymous Coward on Tuesday October 29, @01:46AM (#4553903)
    I just heard some sad news on talk radio - Slashdot editor Timothy was found dead in his Maine home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to geek culture. Truly an American icon.

    How much respect does MITRE command? (Score:2)
    by burgburgburg (splisken06 AT email DOT com) on Tuesday October 29, @01:46AM (#4553905)
    (User #574866 Info)
    How well is the MITRE Corporation regarded in general? How well are they thought of by the government in particular? How influential will their word on things be?

    By the way, the document summary shows that it was originally a Microsoft Word Doc titled "Microsoft Word - 3DBD823B-1ABD-0AA6.doc" with the author being www.

    Interesting that the DOD uses GnuPG, Linux, Linux (Red Hat), FreeBSD, NetBSD, OpenBSD, OpenOffice, Perl, Perl CGI Scripts, PerLDAP, PHP, Tcl/Tk and TCP Wrappers, amongst others.

  7. at last! by agurkan · · Score: -1, Offtopic

    YES!!!

    --
    ato
  8. all your base v2.0 by Anonymous Coward · · Score: -1, Offtopic

    In A.D. 2101
    War start.

    Captain: What occurs?
    Mechanic: Certain people have established our bomb
    Operator: We obtain the signal
    Captain: Any !
    Operator: The main screen opens
    Captain: This is you ! !
    Cat: How your gentlemen ! !
    Cat: All your base belongs to us
    Cat: You on the way of destroy
    Captain: Any you said ! !
    Cat: You do not have the opportunity for the survival therefore build your time
    Cat: Ha Ha Ha Ha....
    Captain: The remains are each ' zig '
    Captain: You know any you
    Captain: Moves ' zig '
    Captain: For is huge the fair sum.

  9. Re:PDF format freer than Word? by zenyu · · Score: 3, Offtopic

    Only half true. Microsoft offers [microsoft.com] a little known Word 2000 viewer (and similar viewers for Excel etc) that is available gratis [microsoft.com]. It's only free as in beer. I can use xpdf and the like to view pdf's... Also I've had the experience of the Word Viewer crashing on complex word documents. Only ones from Microsofties so far, but even so it's sad when I have to turn to openoffice to view a word file (even if it takes minutes to render a page), and then convert it to postscript to be able to view it in something solid like ghostview.