Slashdot Mirror


DoD Leads In Federal Open Source Usage

GMGruman writes "A new open technology report card shows that only a third of federal agencies get a passing grade on open source usage and contribution, with the Defense Department leading the way. Savio Rodrigues explains what both government and business can learn from the DoD's open source prowess."

51 comments

  1. Umm ... by cgoodric · · Score: 2

    So if the DoD is the leading user of open source software by the feds, how come, as a supplier of software to the DoD, none of my company's development can be done overseas?

    1. Re:Umm ... by Nadaka · · Score: 4, Informative

      Because foreign nationals are not permitted to view sensitive information.

      And your company can do development overseas, just not for the DoD.

      The DoD makes extensive use of open source software and has policies in place governing (but not forbidding) employees' contributions to OS projects.

    2. Re:Umm ... by cgoodric · · Score: 3, Informative

      Our software does data integration. While the software itself manages sensitive information, there's no sensitive information in the source code. I fail to see how letting foreign nationals develop open source software is somehow more secure than letting them develop ours. I don't believe the concern is letting DoD employees contribute to open source. I believe the concern is allowing foreign nationals to insert malicious code into software that is used at the DoD.

    3. Re:Umm ... by Nadaka · · Score: 5, Informative

      Every permitted open source project is thoroughly inspected and vetted before it is cleared for use.

      Inserting malicious code is a concern, but it does not answer the question of why you cannot farm out DoD work to foreign shops.

      The requirements and design of most DoD projects are classified as sensitive. The rules for sensitive material state that it may not be distributed to any foreign national.

      Beyond that, there is a legal requirement for federal projects (and most state projects) that work be performed domestically. This is mostly for economic reasons.

      As a contractor you REALLY ought to know this already.

    4. Re:Umm ... by DrgnDancer · · Score: 5, Informative

      It's like this. I can go online (as a contractor or a DoD employee, I've been both) and purchase or download COTS (Commercial Off The Shelf) software that was created anywhere. It's COTS and it's considered market vetted. If we can examine the source code (OSS) even better. Linux is fine and was fine even before Linus became a US citizen. It's considered COTS, the Linux Red Hat sells to the DoD is the same Linux they sell to Google or Ford or Bolivia. Same with say, SAMBA, even though Jeremy Allison is Australian.

      On the other hand if I hire you to write custom code for the DoD then the requirements, documents, etc are all considered sensitive and you have to hire US citizens. If the government wanted a piece of software that was able to interface with Windows AD, for instance, (and they couldn't just use Samba for some reason) they couldn't hire Jeremy Allison to head up the effort even though he has a lot of experience from his work with Samba.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    5. Re:Umm ... by iccaros · · Score: 1

      Open source has to be vetted and checked before it is allowed to be used. Most software I see being developed for DoD is really just for one group, and they normally do not vet the code. But the use of foreign programmers is handled through the contract and FAR. Like, we can use overseas programmers on our project, but the software has to be sent to the DoD test range before it is implemented; if we use cleared US programmers, they do no security checks. Is it right? No, all software should be checked, but those are the rules, and surprisingly we get in trouble if we go beyond the contract and implement a security check the Government did not ask for, as they will say we charged hours to unauthorized work.

    6. Re:Umm ... by rtb61 · · Score: 1

      Lines of code, stop and think about that for a moment. When any country's DoD starts with open source, they can start with a fairly clean source that can be compared with the source being used by other countries' DoDs; everyone watches everyone else.

      So you have a new submission to be inserted, not a replacement of all previous code but just a portion of it, and this portion can of course be readily audited.

      Closed source code is a huge problem for security; even when they get the code, they get millions of lines at once, which can take years to audit depending on the number of specialists put onto the task. Now consider the contrary fiscal logic of DoD buying closed source code: they have to spend millions of dollars to audit code so that they can buy licences of that code one desk at a time, and those code audit costs for debugging and securing can be as expensive as writing the code in the first place.

      Open source means that at least after having spent the money on auditing the code for bugs and security they don't have to continue to spend money on licences; now that would be corruptly crazy. Also bear in mind those auditing costs can be shared across departments and even with allied countries, making it really cheap per desk.

      Now closed source software corporations are fully aware of this which is why, they skulk around in the shadows making shady deals with people making the software procurement decisions to get unsecured, risky and expensive software in the door, all of it tied to permanent data retention lock in and, bull pucky retraining costs, typical corporate slime.

      --
      Chaos - everything, everywhere, everywhen
    7. Re:Umm ... by laptop006 · · Score: 1

      I'm pretty sure Jeremy's an American these days (or still British). You're thinking of Andrew Tridgell who is most certainly Australian.

      --
      /* FUCK - The F-word is here so that you can grep for it */
    8. Re:Umm ... by Anonymous Coward · · Score: 0

      How is that surprising? They don't want it but they have to pay for it. I'd be pissed, too.

    9. Re:Umm ... by Anonymous Coward · · Score: 0

      Thanks for the clarification.

      As for why I don't know this, I work in the field as a consultant on commercial projects (basically anything that's not a federal or state project.) The whole idea of the federal government using open source software seemed a bit dumb to me. :)

    10. Re:Umm ... by cgoodric · · Score: 1

      OK, so our company's software IS what you define as COTS. It's in production use by a number of commercial entities such as BP, Deutsche Bank, General Motors, Wells Fargo, etc. By your definition we shouldn't have any trouble with the feds about offshore development. That being said, the vast majority of accounts require some customization to fit the customers' needs (similar to the way most databases require customization for customers' use: creating tables, developing procedure code, etc.). This is all done within the product's development environment (none of the core source code is touched) and all customization work is done by cleared personnel.

    11. Re:Umm ... by DrgnDancer · · Score: 1

      Bah, you're right. My bad.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    12. Re:Umm ... by DrgnDancer · · Score: 1

      That sounds really odd, and I have no idea. Are you sure your company isn't misunderstanding the rules? The DoD uses tons of COTS code produced in other countries. Unless the database programming side of it is causing some weird rule interaction, I can't imagine why it would be a problem.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
  2. because... by Anonymous Coward · · Score: 0

    ...troops just use what they are told to use.

    FBCB2 runs Solaris.

  3. Bogus summary by Anonymous Coward · · Score: 5, Informative

    Most of the questions had to do not with using open source software but centered on transparent data access by the public, FOIA attitude, etc.

    Read the linked executive summary and then go to the criteria page.

    1. Re:Bogus summary by Anonymous Coward · · Score: 0

      Does the site intentionally use the Democratic Party/Barack Obama color scheme?

    2. Re:Bogus summary by McGruber · · Score: 1

      I concur. I work for one of the agencies that scored over 50% and we are completely locked in to Microsoft products.

      As you would expect, our systems are complete shit -- our only IT support people are clueless MCSE types, we constantly have downtime, all of our internal "institutional knowledge" is being moved into SharePoint, and my head is gonna explode the next time someone mentions the word Ribbon.

    3. Re:Bogus summary by Anonymous Coward · · Score: 0

      (Quoting Seinfeld)
      Who doesn't want to wear Zee Reebon.....

  4. NewsForge Did an interview some time back ... by Sam+Nitzberg · · Score: 4, Informative

    NewsForge did an interview some time back about Open Source and Defense...
    http://samnitzberg.com/Papers/Why_open_source_works_for_weapons_and_defense__interview__JAN_2006.pdf

    -- Sam

  5. Obligatory Skynet reference by zill · · Score: 4, Funny

    I knew it! No proprietary software sweatshop could have churned out Skynet. Only the FOSS movement can produce something sublime enough to eradicate humanity.

    1. Re:Obligatory Skynet reference by Duradin · · Score: 2

      The terminators would have been too busy debating GPL v2 vs. GPL v3 (when they weren't all yelling at the one BSD proponent to shut up) to get around to wiping out humanity, although I suppose you could count humanity's mass suicide to escape the inanity of it all as the machines' doing.

    2. Re:Obligatory Skynet reference by tqk · · Score: 2

      Only the FOSS movement can produce something sublime enough to eradicate humanity.

      Terminator running Win* vs. Terminator running FLOSS? So, what actually happens when a Windows Terminator gets infected with malware? It starts saving the planet?

      If you're Skynet, why take the chance?

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
    3. Re:Obligatory Skynet reference by Anonymous Coward · · Score: 0

      I knew it! No proprietary software sweatshop could have churned out Skynet. Only the FOSS movement can produce something sublime enough to eradicate humanity.

      That's because if Skynet was Windows-based, humanity would end up eradicating itself out of sheer frustration!

    4. Re:Obligatory Skynet reference by Anonymous Coward · · Score: 0

      thats why evil cyborgs invented OSX

      it looks open
      but is really a shiny metallic veneer designed to disguise pure evil

      DONT ARGUE! REALITY DISTORTION FIELD IN FULL EFFECT!

  6. I for one am shocked! by bsDaemon · · Score: 3

    I for one am shocked that the department which started ARPA, then built the Internet around open standards and Berkeley Unix, would be friendly to open source software. This is big news! Seriously though, I am slightly surprised that DOE didn't take the top slot.

    1. Re:I for one am shocked! by Anonymous Coward · · Score: 0

      ...Seriously though, I am slightly surprised that DOE didn't take the top slot.

      Department of Ecology? Department of Education? Department of the Environment? Department of Energy? =p

    2. Re:I for one am shocked! by AbrasiveCat · · Score: 1

      I for one avoid telling management and IT what OSs I am running for my research (when I can. Well they did make me get rid of the OpenBSD boxes I was using to protect an inner network. They got replaced with some cisco product.) So I am a little surprised if the survey is reflective of the research side of government.

    3. Re:I for one am shocked! by cayenne8 · · Score: 4, Interesting

      Well, it is a relatively NEW thing for the DoD to allow any open source software to be used on their networks. Just a few short years ago (5 or so), it was almost impossible to get them to use any on any of the systems I was associated with. Solaris used to be the OS of choice for server rooms, and Oracle the database.

      I've seen a LOT of Linux these days replacing Solaris... Oracle still rules the database, from my experience. I've wanted to try to get some dev to test out using Postgres, which would be a natural open source alternative, as it mimics Oracle a great deal and is not extremely hard to convert to from Oracle... and it does have scalability that I still believe eludes MySQL...

      Whatever we have done...we always try to discourage windows and MSSQL from the server rooms. So far so good on most projects I've worked on.

      But it took a LOT of effort to get the DoD and related branches of govt to start even to consider open source.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    4. Re:I for one am shocked! by nschubach · · Score: 3, Funny

      The Department of E involves everything that begins with the letter E.

      It's the new naming scheme meant to simplify government. Codename: Sesame Street.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    5. Re:I for one am shocked! by Anonymous Coward · · Score: 0

      I for one am shocked that the department which started ARPA, then built the Internet around open standards and Berkeley Unix, would be friendly to open source software. This is big news! Seriously though, I am slightly surprised that DOE didn't take the top slot.

      ARPA really is a teeny tiny part of the DoD.

      Personally, if there's any large factor that drives it, I suspect it's that the bureaucracy is so inept at managing contracts and licenses. In a business, if you need database X and have the budget for it, if someone fucks up the purchase they stand a chance of losing their job. In military / government, you can put in a request for X, wait six months and get Y because someone decided you couldn't possibly need X without even asking you.

      So, though it might be lacking features and though money might not be an issue, often times FLOSS is competing with nothing.

      Leaving philosophy out of it, licenses and DRM and such have always been bad business, but the commercial guys are simply in denial about this.

    6. Re:I for one am shocked! by jlechem · · Score: 2

      I agree. I worked as a USAF, DOD, and FEMA contractor. Open source was strictly VERBOTEN. They didn't like the unknown linking clause (has that been resolved? I don't follow open source that much) and they really didn't like anyone being able to see the code that was being used on their secure networks. I can see unclassified systems being able to use open source, but nothing above classified.

      --
      Hold up, wait a minute, let me put some pimpin in it
    7. Re:I for one am shocked! by Anonymous Coward · · Score: 0

      Actually, the DOD doesn't have a problem with Open Source; they have a problem with software that isn't supported. Another problem is with copyleft licenses such as the GPL. I see the article mentioned avionics software that used a GPL-licensed compiler, GCC.

      The FSF specifically says that if you link to GPL code in any way, then when you distribute that code you must provide your software too -- making it open source. That will not work in most cases. So GPL and EPL are not good; Apache and similar licenses are OK. Red Hat's software has a different kind of license that isn't viral like that.

  7. Misleading Quote by m_chan · · Score: 2

    Nowhere does the source article correlate the statistics to "passing" or not. The editorial article does:

    "Said differently, only one-third of agencies and departments evaluated received a passing grade"

    "Said differently" being the key phrase.

  8. LoL by Anonymous Coward · · Score: 0

    Yes, we can learn; remember the non-random TCP sequence numbers in Linux and the suspicions of backdoors in OpenBSD.

  9. Good... by Anonymous Coward · · Score: 0

    Can they pass this down from the top level to the other 99% of the DOD now? We are regularly turned down for IA approval on applications BECAUSE they are open source, only recently have apache and firefox been allowed. In the AFMC at least we have to hunt for months and pay $50k for a program that can diff folder structures...

    1. Re:Good... by DrgnDancer · · Score: 3, Informative

      Sounds like a G-6 (or whatever the communications office at your approval authority level is called) issue. DoD is rife with OSS. I'm a senior systems person at a DoD lab that is almost entirely Linux. Most of the Army's new tactical computer (brigade and below) war-fighting systems are Solaris. The version they use may not be entirely open source (though it might be, I don't know), but it's full of OSS components. Firefox has been allowed everywhere I've worked (as a contractor) or served (as a soldier). DoD as a whole is very OSS friendly and has been for ~the last eight to ten years or so.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    2. Re:Good... by Nadaka · · Score: 2

      The approval process for open source projects takes time. Months, often years. If an open source product is asked for enough, it will be inspected and approved eventually if no major concerns are found.

  10. Sea change by wiredlogic · · Score: 4, Informative

    This is a dramatic change from the state of affairs ten years ago when the idea of running Linux and using open source in a secure environment would get you laughed out of the room. MITRE produced a white paper back then that has slowly helped to put the gears of change in motion.

    --
    I am becoming gerund, destroyer of verbs.
    1. Re:Sea change by Anonymous Coward · · Score: 1

  11. Figures by Anonymous Coward · · Score: 0

    The department that kills people uses open source, the department that helps the poor uses closed source.

    1. Re:Figures by tqk · · Score: 1

      The department that kills people uses open source, the department that helps the poor uses closed source.

      In theory at least, it's called the Defence Department, not "the department that kills people."

      As for the one that "helps the poor", what else should they be wasting their money on, the poor?!? What, you want that dept. to actually get something done?!?

      I wish to hell that either of them would hire me to show how easy and robust this stuff is. In my dreams.

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
  12. Re:Passing grade? by tqk · · Score: 2

    Why harbor such animosity against freetards?

    He's afraid his boss is going to see the logic of our arguments, and then he won't be able to explain everything away just by waving his hands around about viruses, malware, and crackers. Oh, and he'd need to learn to actually think about what he's doing, instead of wasting all his boss' time in MS-Project, Photoshop, Facebook, ...

    --
    "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
  13. Does this really surprise anyone?!?!?!? by Schmyz · · Score: 1

    For years the common workers at the DOD have had to hack and steal software to get the job done... why wouldn't they use an open source one??? I have a buddy who has told me the submarine he is on is always using boosted software.

    1. Re:Does this really surprise anyone?!?!?!? by Jaxoreth · · Score: 1

      I have a buddy who has told me the submarine he is on is always using boosted software.

      Well, it's not like the BSA can bust in and conduct a surprise raid on a submarine.

      --
      In general, it is safe and legal to kill your children. -- POSIX Programmer's Guide
    2. Re:Does this really surprise anyone?!?!?!? by matthewd.net · · Score: 1

      Gotta watch those EULAs...

  14. Red Hat by MyCookie · · Score: 1

    Hey, wasn't it the DoD who said a while back that they are "the single largest customer base for Red Hat Enterprise Linux"? Props to them!

  15. Terminator source code by mangu · · Score: 1

    The Terminator uses Apple II code. It was published in Nibble magazine, so, yes, it is open source.

  16. Well, they did invent Open Source after all by Anonymous Coward · · Score: 0

    It was the DoD who asked for MULTICS to be open source so they could audit the code, for obvious reasons. They are also the ones who came up with the Orange Book, so it's no surprise they are still doing the same thing.