Slashdot Mirror

← Back to Stories (view on slashdot.org)

White House Releases Federal Source Code Policy To Help Government Agencies Go Open Source (whitehouse.gov)

Posted by BeauHD on from the taxpayer-dollars dept.

dwheeler writes: The U.S. federal government just released a new Federal Source Code policy (PDF). For each of the next 3 years, at least 20 percent of custom-developed Federal source code is to be released as open-source software. Earlier this year, Tony Scott, Federal CIO of the U.S. government, wrote on the White House blog that the U.S. government "can save taxpayer dollars by avoiding duplicative custom software purchases and promote innovation and collaboration across Federal agencies." Today, they released the Federal Source Code policy. TechCrunch reports: "The main requirement is that any new custom source code developed 'by or for the Federal Government' has to be made available for sharing and re-use by all Federal agencies. For example, this means that the TSA can have access to custom made software that was commissioned by the FBI. Considering there is probably a great deal of overlap in applications needed by certain branches of the Federal Government, this rule alone should save the government (and taxpayers) a great deal of money. In fact, the policy states that 'ensuring Government-wide reuse rights for custom code that is developed using Federal funds has numerous benefits for American taxpayers.'"

61 comments

  1. I thought we wanted security by Anonymous Coward · · Score: -1

    I'd really prefer that federal agencies be secure against hackers. If they use open source, hostile countries like Iran and North Korea will be able to look for vulnerabilities in the code and more easily hack into the federal government. The source code should be secret, which will help keep out hostile countries. Security should be the primary goal, and therefore the source must be closed.

    1. Re: I thought we wanted security by Anonymous Coward · · Score: 2, Insightful

      I, the taxpayer, paid for it and demand that it's open. If it gets attacked, it will be fixed.

    2. Re:I thought we wanted security by Anonymous Coward · · Score: 1

      Security through obscurity is a phantasm. But closed source companies (and their sympathizers) continue to tout it.

      This is not to say that open source has had no vulnerabilities. But far fewer than closed source, albeit closed source has more attackers.

    3. Re:I thought we wanted security by dcollins117 · · Score: 5, Insightful

      The source code should be secret, which will help keep out hostile countries.

      Obscurity is not security. I'm more comfortable looking at a disassembly than I am with source code. The disassembly doesn't lie.

      I'm a white hat, for the record. It's my job to help people, not inconvenience or hurt them.

    4. Re:I thought we wanted security by MightyMartian · · Score: 1

      I'd prefer it if trolls were hunted down by hungry dogs with steel fangs, castrated, and then sent to work in coal mines without air filters.

      I guess neither one of us is going to get what we want.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    5. Re:I thought we wanted security by Dutch+Gun · · Score: 3, Insightful

      I'd really prefer that federal agencies be secure against hackers. If they use open source, hostile countries like Iran and North Korea will be able to look for vulnerabilities in the code and more easily hack into the federal government. The source code should be secret, which will help keep out hostile countries. Security should be the primary goal, and therefore the source must be closed.

      All this means is that you don't understand software security. There's no guarantee that open source is free of security issues, of course. But at the very least, it does mean that you're not depending on some "secret" in the code to remain secure, which is NOT any sort of security at all.

      The most widely used security algorithms in the world are open specifications and have open source reference implementations, in case you aren't aware. These algorithms and implementations can never be proven secure except by their resistance to determined attacks over time, and this can only occur when they are publicly available for researches to work on ways to crack them.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    6. Re:I thought we wanted security by Anonymous Coward · · Score: 0

      Don't worry, they only have to release 20% of the code as open source. All the Norks will get is several thousand new implementations of left-pad.js every year.

    7. Re: I thought we wanted security by Anonymous Coward · · Score: -1

      I, the taxpayer, paid for it and demand that it's open. If it gets attacked, it will be fixed.

      Thank God we are still a democracy, and fools like you have no say whatsoever in matters like this.

    8. Re:I thought we wanted security by LostMyBeaver · · Score: 1

      Wouldn't it be dependent on the project, the maintainers, the organization, the feedback mechanisms and the underlying structure of the code to begin with?

      Or should we get into a "Which is better, Chocolate or Vanilla?" thing.

      Open source projects managed by systems like GitHub and forums are often maintained very well. But there are hundreds of projects placed into the open source that are left floating with no support for every one project which actually has a support infrastructure.

      Federal contracts work in such a way where the code will now be made open (at least within the federal government) and once the contract is half way done or delivered, the contractors will be moved to something else and the code will die a slow painful death with no support.

      Closed code itself isn't more secure than open source. They are exactly the same. It's how well they were made and how well they were maintained that matters. What really matters is whether there's an organization that is supporting the product open or closed. If a company prefers their code to be closed and that they maintain it themselves, that's their choice. The government should however require that they receive a source license to all code they use.

    9. Re:I thought we wanted security by mlts · · Score: 1

      At the _minimum_ a source code escrow service, so if a contract is left unfinished or a business files for bankruptcy, the work made can be picked up by others and things continued. If I were paying someone megabucks to write up something, either the source code will be part of the contract, or it will be escrowed so that one party doesn't have a monopoly.

    10. Re:I thought we wanted security by Bert64 · · Score: 1

      It's also a myth that closed source is truly closed, the source code is out there somewhere and malicious parties certainly have the source for various closed source software.
      The difference is that when the only way to obtain the source is illegal, legitimate whitehat researchers won't be able to look at it which gives the upper hand to those who don't care about legality. With open source, everyone has equal access.

      It's also not really true that closed source has more attackers... Most networks place devices running open source code in front of devices running closed source to protect them (eg most firewalls and other security appliances are linux or bsd based), and there are many systems out there running on open source which would be highly sought after by various blackhats (eg the fastest supercomputers in the world run linux). There are plenty of people attacking open source code, and plenty of motivation for them to do so.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    11. Re:I thought we wanted security by Bert64 · · Score: 1

      Wether code is open or closed has no relevance on the decision of the original authors to continue supporting it, the two things are not directly related at all.

      Many closed source projects also cease being maintained, you just don't see the code languishing on github because its languishing on an internal code repository at the original vendor instead.

      Some vendors decide to open source code that they no longer have any interest in, but the fact they're open sourcing it is not the reason they've lost interest in it - that's usually already happened or would have happened anyway. Open sourcing in this instance is just the equivalent of leaving goods on the curb with a "free to a good home" sign.

      If closed source code is unmaintained the code is dead... If you use or depend on that code you're screwed.
      If open source code is unmaintained the opportunity exists for someone else to take over maintenance. If the code still has users, those users can take over maintenance themselves or band together to do so. If noone is using the code then it doesn't really matter and it remains online as an educational reference which may still help someone in the future.

      Being open presents additional opportunities which being closed does not, and being closed does not prevent code from ending up abandoned and unmaintained.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    12. Re:I thought we wanted security by Anonymous Coward · · Score: -1

      Obscurity is not security.

      That's why nobody should care when CNN blabs about what the police are doing as they prepare to storm a building with an active shooter, amirite? Soldiers rolling out to a fight should Instagram all the way to the suck, hey? OpSec is for lamerz.

      No, software security is "different" and "novel" because it's "ON THE INTERNET!(TM)"

      Obscurity is a valid and useful layer of the ol' onion. Move SSH from the default port, and you've just stopped a metric fuckton of attacks.

      Relying on obscurity alone is asinine, of course - just as asinine as relying on the magic of open source woo alone. (Many eyes don't mean shit when they're busy looking at porn instead of code, just ask the good folks affected by Heartbleed.)

    13. Re:I thought we wanted security by Anonymous Coward · · Score: 0

      > The disassembly doesn't lie.

      When you're debugging it, it's merely incorrect. I wish you luck understanding what it was _supposed_ to do.

    14. Re: I thought we wanted security by Anonymous Coward · · Score: 0

      My take is that it's just the ability to share the codebase; the policy does not set up a common program office for each and every software development acquisition. If you have an issue, you now have the means to fix it but it will not be fixed on your own behalf. That requires money and I'm sure Program Managers and their sponsoring SES's will use this as another posturing tool in the coming years.

      It will help if it's not bastardized or explicitly written out of contracts by contractor collusion to the point where no one will bid on a contract specifying this Policy as a requirement (like with attempts to implement fixed fee contracts)

    15. Re:I thought we wanted security by TheRaven64 · · Score: 1

      Open source does not mean that it has to be community developed. It means that the customer (the part of the government paying for it) must receive a bunch of rights along with the source code, including the rights to modify and distribute the code. On the same front page as this is a story about the Metropolitan Police having 27,000 computers still running Windows XP, which has known remotely exploitable vulnerabilities. The biggest reason for companies sticking with old versions of Windows is that they have some bit of software that doesn't work with Windows 7 and doesn't have updates. If a branch of the government has some open source software that doesn't work with their new OS, then it's 'just' a matter of cost to fix. They won't have problems where the original supplier has gone out of business, or isn't interested in producing a new version, or wants to sell you a different and incompatible product. They can always pay someone to port the code to the new OS, and then decide whether it's cheaper to do that than to migrate to a different system.

      --
      I am TheRaven on Soylent News
    16. Re:I thought we wanted security by Anonymous Coward · · Score: 0

      I spy a troll....

  2. I Can Haz by Anonymous Coward · · Score: 0

    I can haz teh codez 2 HealthCare.gov? No thank U.

  3. End of FY15-16 Promotion Bait by Anonymous Coward · · Score: 0

    Just a cheese promotion bait from Tony Scott before the Obama implosion.

    Using the song "National Brotherhood Week" we can sing:

    The NSA hates the FBI
    The FBI hates the NSA
    The Whitehouse Hates Wikileaks
    and everybody hates the DEA

    National Brotherhood Week

    Haha

  4. Break-even point? by namgge · · Score: 2

    IME, writing code that is reusable is quite hard. Getting it into a form that using it in another project is worthwhile is costly. It'll be interesting to put in a FOI enquiry in a few years to see whether the benefits outweigh the costs.

    1. Re:Break-even point? by wbr1 · · Score: 1

      This would be a GAO report. Probably not FOI

      --
      Silence is a state of mime.
    2. Re:Break-even point? by Antique+Geekmeister · · Score: 1

      > IME, writing code that is reusable is quite hard. Getting it into a form that using it in another project is worthwhile is costly.

      Writing code to do extremely similar or even identical functions 3 times for 3 different projects is much _more_ costly, and each version is likely to have unique bugs. I'm also afraid that it's extremely common. Standardizing poorly integrated code from different companies or different projects covers a great deal of my paycheck and has vastly improved performance and reliability in almost all cases.

  5. Public money by phyr · · Score: 4, Insightful

    Public software from public money. The model works well for scientific software at NASA, ESA, CSA, etc.

    1. Re:Public money by Anonymous Coward · · Score: 0

      Not any more. Publicly-funded software used to have to be available to the public. The law was changed.

    2. Re:Public money by bfpierce · · Score: 1

      It is a great model.

      Too bad that's not what this is.

    3. Re:Public money by Anonymous Coward · · Score: 0

      So where can I as a US citizen download the source?

    4. Re:Public money by rtb61 · · Score: 1

      So as it is public software for public money, then the US Library of Congress should be expanded to incorporate a FOSS software repository. Which would be made available for people to deposit, maintain and download FOSS software, this as a matter or public record to apply some security principles for that software so that it is safe to use by government departments. A copy of the source code of all government software projects should reside there.

      --
      Chaos - everything, everywhere, everywhen
  6. I thought Tony Scott killed himself by Anonymous Coward · · Score: 0

    If he didn't, there probably will be some large software companies that gladly give him Uber fare to the nearest bridge.

  7. "source code" by Anonymous Coward · · Score: 0

    "is meant to be read by people" -- it's the law now motherfucker! hahaha!

  8. Not Open Source by Anonymous Coward · · Score: 0

    The original article doesn't use Open Source as a term. Why does the editor add it as a buzzword?
    They're sharing code across Federal agencies only.

    1. Re:Not Open Source by bondsbw · · Score: 1

      From the first link (PDF):

      SUBJECT: Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software

      to release at least 20 percent of new custom-developed code as Open Source Software (OSS) for three years

      develop an open source software policy that, together with the Digital Services Playbook, will support improved access to custom software code developed for the Federal government

      and several other instances of the term.

      Also, under the first heading "Objectives" it clearly speaks to sharing code with the public as well:

      Establish requirements for releasing custom-developed source code, including securing the rights necessary to make some custom-developed code releasable to the public as OSS under this policy's new pilot program;

      Did you even try?

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  9. Software needs to be written for reuse by Todd+Knarr · · Score: 3, Informative

    Big problem here: a lot of software where the functionality could be reused can't be reused because it wasn't written for reuse. It'll have a lot of instance-specific code scattered throughout, for example logging functions that're specific to the system it was first written to run in. The result is it's easier and faster to write it from scratch than to try and remove the instance-specific code from the original source to make it suitable for use somewhere else. An open-source policy doesn't need just a mandate for reuse, it needs a mandate for making software reusable at the time it's written. That, unfortunately, is something any developer can tell you is really hard to get management to agree to.

    1. Re:Software needs to be written for reuse by Anonymous Coward · · Score: 0

      Even if what you say is true, just having the opportunity to examine the code in detail may be valuable. It's always harder to start completely from scratch when writing software. Sometimes a little kit bashing is just what the doctor ordered. Sharing code helps spark new ideas and jumpstart other projects. There's value there, even if the shared code is not in an immediately usable form.

    2. Re:Software needs to be written for reuse by JamesOlinOden · · Score: 1

      Section 3, Three-Step Software Solutions Analysis after listing its three steps says: "Agencies must also consider several factors throughout each stage of the three-step analysis:", and then bullet B of this says: "Modular Architecture: Agencies should consider modular approaches to solution architecture. As discussed in the Digital Government Strategy, modularity can reduce overall risk and cost while increasing interoperability and technical flexibility." So it looks like they are at least attempting to go for re-usable.

    3. Re:Software needs to be written for reuse by ebvwfbw · · Score: 1

      I think one big problem will be NIH - Not Invented Here syndrome. So many guys in the industry, if they didn't write it and it wasn't written by their group, it's crap. Never mind another agency.

      We may see *standards* out of this. Standards are wonderful. They're so many of them to choose from.

  10. Source Control by reemul · · Score: 2

    I don't honestly care if the software is open source, use what works best regardless of whether RMS approves or not. What I really want to see instead is publicly accessible document management for the laws and regulations. I want to be able to determine exactly who entered in every single word, made every single edit, and when they were committed to the document. No more "I don't recall who added that" or "I have no idea who made that change". And make sharing a login a felony, so a member of Congress can't give out their login credentials to their entire staff and then disavow personal responsibility. If someone pastes in 5 pages from a lobbyist late at night hours before the vote, I want to know precisely who did it and under what circumstances. Full transparency, right down to the single word or punctuation mark. The technology is cheaply available right off the shelf, they could implement GitLaw across the entire government by year's end for less than they spend on lawyers to defend FOIA lawsuits in a single quarter.

    --
    You're just jealous 'cuz the voices talk to *me*
    1. Re:Source Control by gtall · · Score: 1

      Scale is important, son. Now go back and figure out how much you'd like to raise your taxes to pay for such a scheme. Get back to us on that figure.

    2. Re:Source Control by Anonymous Coward · · Score: 0

      This kind of thing could save more money than is spent on it, as well as have follow on effects.

      How much is it costing us as a society to not know who is responsible for initiatives, and to have no accountability in our leadership?

      How many other government programs are hanging off of Social Security for their budget, and how many times have we been told that's a positive thing, when in fact it's extremely negative given that those programs do not have any way to pay Social Security back? When the government either drastically raises taxes to continue to fulfill its obligations to seniors or defaults on them, it would be nice to be able to go back and see every program feeding on the SS budget and nix them all.

      If documents were linked directly to their funding stream, and the funding stream directly to the taxes, fees, etc where the money comes from, and all changes tracked in a way that cannot be denied, things would change quickly in DC.

    3. Re:Source Control by Anonymous Coward · · Score: 0

      I agree with the transparency concerns.
      For posterity's sake and clarification: RMS isn't in the open source camp. Free Software and Open Source are not interchangeable.

    4. Re:Source Control by Anonymous Coward · · Score: 0

      I don't honestly care if the software is open source, use what works best regardless of whether RMS approves or not..

      You've got it backwards. This is about open sourcing code that developed with taxpayer money and NOT about using open source for elsewhere.

  11. From US GSA 18F on security and open source... by Paul+Fernhout · · Score: 1

    From: https://18f.gsa.gov/2014/11/26...

    Security and open source

    "System security should not depend on the secrecy of the implementation or its components."
    -- Guide to General Server Security, National Institute of Standards and Technology

    A codebase is a terrible secret.

    Because a codebase is so large, it cannot easily be changed. Furthermore, it must be known, or at least knowable, to the large number of people who work on it, so it cannot be kept secret very easily. This is represented at the bottom of figures two and three. Therefore "security through obscurity" is a terrible idea when it comes to a codebase. In most cases your system will consist of code which you reuse as well as code that your write yourself. Therefore both of these types of code should be open.

    Of course, your system will have secrets in most cases -- keys, passwords, and the like -- but you should assume they have been discovered and change them often. We call these secrets a "red thread", because, like a red thread in a white handkerchief, they should be as vivid and thin as possible. By making them thin, such as a single password, you make them very easy to change and keep secret. Although these secrets are tiny, they must be managed carefully and conscientiously. We believe this concept is so important that we have placed it on our reusable version of the Wardley-Duncan map linked to above.

    There are risks of defects and complexity associated with using open source modules indiscriminately. There are also security vulnerabilities to any system, either through negligence or by the intention of a bad actor. The key to preventing this is code review.

    You must make sure that each component you use is code reviewed. In practice this means either that you must use very popular projects whose code is looked at by a large number of people on a regular basis, or you must use small projects which your team can code review itself. In practice, the criteria for making this decision for reused components is similar to the rules of thumb that we have already laid down for managing risk.However, you may need to adjust these rules of thumb based on how often you plan to update the component.

    For example, a small component which is very stable need not be updated at all. If it is small and you can code review it or pay a team to code review it, then you may use it. On the other hand if the project has frequent updates, your team will have to decide how to manage these updates. A large project may have both stable and experimental branches. In general your team will want to update as frequently as the major number of the branch. If the project is very active and many people are looking at it, this does not represent a security risk. If however a project is changing rapidly and producing many releases and your team does not have the resources to ensure that each new release is code reviewed and you do not trust the community to do so, then you probably should not use that component.

    With an open source component, it is at least possible to understand how much code review it is receiving.We know of no way to do this for closed source code kept as a secret.A firm which is asked to maintain the security of the code that it has written is placed in a conflict of interest. It isn't in its short-term interest to spend resources on this code review, and it is not in its short-term interest to admit defects.

    Security of your own code

    Make all your code open and examinable from the start. Moreover, it is best to encourage as many people to look at it, because the more people who seriously review the code the more likely a security flaw is to be found. Programmers will code more securely when their code is in the public's eye from the beginning.

    Code that you write or contract to have written should be open source from the start, because it relieves you of the terrible risk and burden of maintaining the secrecy of the codebase. This means not only that it is published under an open source license as explained in our open source policy, but that it is published in a modern source code control system.

    --
    A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
  12. Great, so... by Anonymous Coward · · Score: 0

    So we should have a government repository that's available and open for hosting the code, right?

    1. Re:Great, so... by bondsbw · · Score: 1

      I assume this is what code.gov will be for.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  13. Re-use Federal Agency Code? by Anonymous Coward · · Score: 0

    No, thank you!

    Most of that government code is shit written by someone who doesn't know what they are doing either through inexperience or incompetence hired by the lowest contact bidder.

    I know because I've seen and rewritten some of it because it was utterly wrong, wrong and um... wrong.

  14. Bug bounty program? by Aryeh+Goretsky · · Score: 1

    Hello,

    I did not see any mention of a bug bounty program. Is there one? If the federal government would like to not just have its open sourced software reviewed but actually receive reports of bugs, they should consider adding a bug bounty program to encourage programmers to report any errors they find to the federal government, instead of selling it to an adversary.

    Regards,

    Aryeh Goretsky

    --
    Dexter is a good dog.
    1. Re: Bug bounty program? by KenHansen · · Score: 1

      Why would one federal agency pay a bounty to another federal agency for fixing software they openly share with each other. BTW, the 'open source' the government is talking about consists entirely of code being shared among federal government agencies, not with the public.

  15. 'Open Source' redefined? by KenHansen · · Score: 1

    "The main requirement is that any new custom source code developed 'by or for the Federal Government' has to be made available for sharing and re-use by all Federal agencies.

    Has 'open source' been redefined to mean nothing more than custom government software being shared with other branches of the same federal government?

  16. Evil Obama!! by JosephDoeden · · Score: 1

    He went open source, like all the villians!

  17. What's needed by Anonymous Coward · · Score: 0

    ... a great deal of overlap in applications ...

    Is there overlap in operating systems, database engines, data table layout, numeric encoding? A language like SQL was designed to bring platform independence to database processing. That still doesn't cover the issue of data mapping (eg. letters or digits). Solve that and the UI for every system can use the same mapping and same source code at least. That doesn't cover the transaction engine since each department will have it's own rules on what happens to a (Age: 29, Income: 50,000, Married: no) tuple.

  18. I remember... by Anonymous Coward · · Score: 0

    When the Air Force first was mandated to use SharePoint to make electronic documentation easier, no thought was put toward storage of the imagined electronic documents. Personnel were told they had to use it before storage was available. That was obviously not possible.

    This sounds much the same. You're not looking for just a place where you can upload/download a folder of files. If you want a repository, seriously, use Github as your example. You're going to need a dedicated data center with redundant backup (if it's important, you want to keep it, right?). Also, there are serious user interface and model concerns. You want people to be able to commit new versions of documents in an authenticated/non-repudiatable manner. You will want to be able to see the log of all changes and be able to revert to any version of the document. You will also want search features, by text in the files, by user, and by filename. A step up from that would be some way to group duplicate versions of documentation (if this was performed on documents automatically, it could reduce the amount of storage needed at the expense of processing) and show where they branch, as well as be able to select any part of the tree easily, as well as see who is involved with each branch. The available tools to do this kind of thing could use a huge ease of use upgrade.

    DISA does have a repository, but now they are charging for any use of it, in a fashion which is not necessarily provided for in agency budgets, and it does not have the above functionality - it is more of a place where static projects are hosted, which is not what is required.

  19. All-around bad policy? by Anonymous Coward · · Score: 0

    I've been using Linux and FreeBSD for half my life and have released a couple projects on sourceforge/freshmeat, so believe me when I say I love open source software. However, it has its place.

    I work for a small company that mainly does government contracting. Some of this includes custom software, much of which is developed partly under SBIR funding. The whole point of the SBIR program is to create products for the government which can also be marketed for a profit. While some of our contracts require us to provide source code for our specific government customer, we'd be in a bad business position if we had to give it away to any/all contractors for potential re-use. As we cater to a niche market, our product being rebranded and sold by another company would severely hurt our business.

    Putting that aside, another huge problem would be searching for useable code. Say I need a function that does XYZ on a data set. I can spend a week writing and testing this. Or... I can spend a day searching for it in some mess of a function catalog that we all know will be poorly implemented, spend another day filling out the required forms to get access to this function, wait a few weeks for this to be processed (hands-off at least, but still downtime), use another couple days reading the documentation and figuring out the interface, take time writing go-between code because it expects its data to be organized differently, and messing with the results because it wasn't *quite* for the same application, then another day testing it out, and end up with a slower, larger program that takes just as long. And that's a good case scenario.

  20. This is not Open Source.. by bfpierce · · Score: 1

    Unless I'm missing something there, but this just requires that code developed for one agency should be available to other agencies. Not that it should be 'open'.

    This just sounds like 'we wanna get past licence agreements and not have to pay for it', not 'we want to make our code open'.

    1. Re: This is not Open Source.. by iivel · · Score: 1

      ... and that's already the rule. Almost all software developed under contract for the Fderal Gov't, civilian agencies ,or the DoD have an "unlimited use rights" clause incorperated. Providing a copy of the source for static analysis is also part of the approval process. It seems that what they're trying to do is make the sharing easier or to revive the multiple failures of intra-agency forge sites as a real common platform (think data.gov) http://www.disa.mil/about/lega...

    2. Re: This is not Open Source.. by dwheeler · · Score: 1

      You mean "unlimited rights" not "unlimited use rights". Once the government has unlimited rights it can release the software as open source software. For more details, see my paper "Publicly Releasing Open Source Software Developed for the U.S. Government" by David A. Wheeler, Software Tech News, Volume: 14 Number: 1 - DoD and Open Source Software. https://www.csiac.org/journal-...

      --
      - David A. Wheeler (see my Secure Programming HOWTO)
  21. No copyright for government by Anonymous Coward · · Score: 0

    The government cannot copyright their own work so it would not be any type of open source license but instead public domain.

    One example would be md5deep.

  22. Clearly doesn't understand the business by RogueWarrior65 · · Score: 1

    This guy clearly doesn't understand how cut-throat and back-stabbing federal contracting is. People will throw you under the bus in a heartbeat if it means they can weasel their way to a contract ahead of you. Hardware is easy to duplicate/copy, software is not. By forcing private industry to give up their intellectual property rights opens the door to well-connected contractors stealing from the little guy.

    1. Re:Clearly doesn't understand the business by Anonymous Coward · · Score: 0

      Absolutely. I love the idea of open source and shared resources, but it means you can't sell products to the government as a small business. This will create more consolidation around the beltway bandits, sadly. It's the opposite of innovation.

  23. No, really is OSS by dwheeler · · Score: 1

    Not so. It's true that the policy focuses more on sharing within the federal government, but it also specifically requires that at least 20% of the code be shared with the public as OSS. It's a start.

    --
    - David A. Wheeler (see my Secure Programming HOWTO)
  24. 'Open Source Software' has reasonable definition by dwheeler · · Score: 1

    I don't think that "open source software" has been significantly redefined. Here's the definition of Open Source Software in this memo: "Software that can be accessed, used, modified, and shared by anyone. OSS is often distributed under licenses that comply with the definition of "Open Source" provided by the Open Source Initiative (https://opensource.org/osd) and/or that meet the definition of "Free Software" provided by the Free Software Foundation (https://www.gnu.org/philosophy/free-sw.html)." That's a little laxer than I'd prefer, but it seems reasonable enough.

    --
    - David A. Wheeler (see my Secure Programming HOWTO)
  25. WOW NOT A HACKER COP SPY HONEYPOT WINDOWS STORY? by Anonymous Coward · · Score: 0

    Oh this time it is about how cool and hip the White House is now. 20 trillion in debt and now the White House is going open source.

    Isn't that fucking swell guys?

    Will it be open source DRM? or is that next story where some Iranian-Russian alliance tried to hack it so they had to put cop protections in it?

    Will it be available for Pokemon GO?

    How FBI is Slashdot? They shit walkie talkies.

  26. Obligatory Schlock Mercenary by Keybounce · · Score: 1

    http://www.schlockmercenary.co...