Congress Endorses Open Source For Military

A draft defense authorizing act in Congress includes wording plugging open source software. It seems both cost and software security were considerations. This is an important victory for open source. "It's rare to see a concept as technical as open-source software in a federal funding bill. But the House's proposed National Defense Authorization Act for Fiscal Year 2009 (H.R. 5658) includes language that calls for military services to consider open-source software when procuring manned or unmanned aerial vehicles."

Re:GPL'd software

[Flying+Scotsman]

are they required to provide the source code to terrorists so they can attempt to crack it?

From my understanding of the GPL, this would only be true if the government is distributing the modified binaries to the terrorists. If the changes are internal-use only, there isn't a GPL conflict by not distributing the modified source.

Clarifications on Military Open Source

[RobBebop]

I already see some misunderstanding in other threads in this conversation. (a) people say the military won't give back the changes they make to GPL software. (b) people say that because it is GPL, the "bad guys" will get it.

For the first point, the GPL does not require changes to be merged back into the main development area. It allows (and encourages) projects to FORK the source code into new projects when different applications are desired. This keeps the original projects clean from "feature creep" and gives the different (competing) development teams control of their own development. The limitation that the GPL imposes is that if an organization wants to DISTRIBUTE the executable versions of their software, they would need to include an offer to distribute the source as well. Since it is not in the US military's interest to distribute their software, there is no real concern of (b) the "bad guys" getting the software.

In that vain, the "bad guys" would have access to the baseline version if they can figure out what software has been forked into military applications. If the US military is foolish enough to operate this using defaults that are hackable, then it serves them right. I personally think that they are more qualified than that.

A last concern is (c) THIS IS BEING FUNDED BY TAXPAYER MONEY AND IT SHOULD BE OWNED BY THE TAXPAYERS. This is false. I mean, the funding does come from taxes, but the public has no more of a claim for software that is developed for military applications using FOSS software than they do over the software, hardware, and designs of any other piece of military equipment ever designed. These instruments are created for the purpose of providing national security. If the designs were made public, then security WOULD be compromised. Ergo, in the interests of national security it's important for that information to be kept private.

Final point, the GPR (Government Purpose Rights) license. This is a thinly veiled government source license that I have seen the military force on subcontractors in recent years to force Boeing, Lockheed, and all the rest to "play nice". The GPR license is a requirement on contracts so that the government gains the right to send software developed by Lockheed over to Boeing for further analysis. Believe it or not, frequently in legacy codebases you see "Proprietary of XYZ Corporation" and for the most part the government tries to acknowledge these rights. However, they realize that many things are developed over and over again by different companies because they are prevented from leveraging off of each others work (at the cost of the taxpayers). It is encouraging, therefore, to see the government prevent this with GPR.