Slashdot Mirror


Pentagon To Make a Big Push Toward Open-Source Software Next Year (theverge.com)

"Open-source software" is computer software with its source code made available with a license in which the copyright holder provides the rights to study, change, and distribute the software to anyone and for any purpose. According to The Verge, the Pentagon is going to make a big push for open-source software in 2018. "Thanks to an amendment introduced by Sen. Mike Rounds (R-SD) and co-sponsored by Sen. Elizabeth Warren (D-MA), the [National Defense Authorization Act for Fiscal Year 2018] could institute a big change: should the bill pass in its present form, the Pentagon will be going open source." From the report: We don't typically think of the Pentagon as a software-intensive workplace, but we absolutely should. The Department of Defense is the world's largest single employer, and while some of that work is people marching around with rifles and boots, a lot of the work is reports, briefings, data management, and just managing the massive enterprise. Loading slides in PowerPoint is as much a part of daily military life as loading rounds into a magazine. Besides cost, there are two other compelling explanations for why the military might want to go open source. One is that technology outside the Pentagon simply advances faster than technology within it, and by availing itself to open-source tools, the Pentagon can adopt those advances almost as soon as the new code hits the web, without going through the extra steps of a procurement process. Open-source software is also more secure than closed-source software, by its very nature: the code is perpetually scrutinized by countless users across the planet, and any weaknesses are shared immediately.

3 of 99 comments

  1. "the code is perpetually scrutinized" by Tailhook · Score: 5, Insightful

    No one is perpetually scrutinizing anything. That's an old fallacy wrongly attributed to ESR and/or Torvalds. "Linus's Law" merely states all bugs are shallow given enough eyeballs, not that some vast benevolent army of free labor is auditing everything all the time. That's fiction, as has been proven many times with the discovery of ancient zero days in software that's been open source for decades.

    --
    Maw! Fire up the karma burner!
    1. Re:"the code is perpetually scrutinized" by Aighearach · Score: 5, Insightful

      The presence of Heartbleed being an excellent example that belies this claim.

      No, you clearly didn't understand him. Heartbleed exemplifies his claim.

      As soon as people knew about Heartbleed, there were fixes available. The bug was proven shallow almost instantly upon discovery, and numerous were the workarounds. People even re-implemented the whole software package to make sure it was fixed! And their fixes worked, the bug was indeed gone. You can't get a shallower bug.

      Every example you can even find of a deep bug, a bug that is known to exist but that people don't know how to fix, is a bug where either there are nearly zero users of the code, or the code is closed source and there are few people with access. Any bug that has even a moderate number of eyes will be very very shallow.

  2. More secure??? by DidgetMaster · Score: 3, Insightful

    Open source is not necessarily more secure than proprietary software. Because it is visible, good programmers can look for bugs and plug security leaks if they want to, but bad guys can also look for vulnerabilities to exploit. Nobody has to look at the code and/or fix anything. In fact, most people have ZERO interest in doing so. Plenty of security flaws have gone either unnoticed or unfixed for an awful long time in open source projects.