Slashdot Mirror


Pentagon To Make a Big Push Toward Open-Source Software Next Year (theverge.com)

"Open-source software" is computer software with its source code made available with a license in which the copyright holder provides the rights to study, change, and distribute the software to anyone and for any purpose. According to The Verge, the Pentagon is going to make a big push for open-source software in 2018. "Thanks to an amendment introduced by Sen. Mike Rounds (R-SD) and co-sponsored by Sen. Elizabeth Warren (D-MA), the [National Defense Authorization Act for Fiscal Year 2018] could institute a big change: should the bill pass in its present form, the Pentagon will be going open source." From the report: We don't typically think of the Pentagon as a software-intensive workplace, but we absolutely should. The Department of Defense is the world's largest single employer, and while some of that work is people marching around with rifles and boots, a lot of the work is reports, briefings, data management, and just managing the massive enterprise. Loading slides in PowerPoint is as much a part of daily military life as loading rounds into a magazine. Besides cost, there are two other compelling explanations for why the military might want to go open source. One is that technology outside the Pentagon simply advances faster than technology within it, and by availing itself of open-source tools, the Pentagon can adopt those advances almost as soon as the new code hits the web, without going through the extra steps of a procurement process. Open-source software is also more secure than closed-source software, by its very nature: the code is perpetually scrutinized by countless users across the planet, and any weaknesses are shared immediately.

9 of 99 comments

  1. "the code is perpetually scrutinized" by Tailhook · Score: 5, Insightful

    No one is perpetually scrutinizing anything. That's an old fallacy wrongly attributed to ESR and/or Torvalds. "Linus's Law" merely states all bugs are shallow given enough eyeballs, not that some vast benevolent army of free labor is auditing everything all the time. That's fiction, as has been proven many times with the discovery of ancient zero days in software that's been open source for decades.

    --
    Maw! Fire up the karma burner!
    1. Re:"the code is perpetually scrutinized" by Aighearach · Score: 5, Insightful

      The presence of Heartbleed being an excellent example that belies this claim.

      No, you clearly didn't understand him. Heartbleed exemplifies his claim.

      As soon as people knew about Heartbleed, there were fixes available. The bug was proven shallow almost instantly upon discovery, and numerous were the workarounds. People even re-implemented the whole software package to make sure it was fixed! And their fixes worked, the bug was indeed gone. You can't get a shallower bug.

      Every example you can even find of a deep bug, a bug that is known to exist but that people don't know how to fix, is a bug where either there are nearly zero users of the code, or the code is closed source and there are few people with access. Any bug that has even a moderate number of eyes will be very very shallow.

  2. More secure??? by DidgetMaster · Score: 3, Insightful

    Open source is not necessarily more secure than proprietary software. Because it is visible, good programmers can look for bugs and plug security leaks if they want to, but bad guys can also look for vulnerabilities to exploit. Nobody has to look at the code and/or fix anything. In fact, most people have ZERO interest in doing so. Plenty of security flaws have gone either unnoticed or unfixed for an awful long time in open source projects.

  3. More secure? by Computershack · Score: 4, Interesting

    Open-source software is also more secure than closed-source software, by its very nature: the code is perpetually scrutinized by countless users across the planet, and any weaknesses are shared immediately.

    Remember it wasn't that long ago when all you had to do was hit Backspace 28 times and you could bypass login security on almost all Linux distros....

    --
    I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
  4. No, that amendment died in conference by dwheeler · Score: 5, Informative

    Won't happen; that amendment died in the conference reconciliation. The merged version does have an open source software pilot, but that's it. Section 875: (a) DoD shall "initiate the open source software pilot program"; (b) NLT 60 days after enactment of this Act, the SECDEF shall "provide a report to Congress with details of the plan of the Department of Defense to implement the pilot program required by subsection (a)."

    --
    - David A. Wheeler (see my Secure Programming HOWTO)
  5. Re:Ummm by Marxist+Hacker+42 · Score: 3

    Yep, this is exactly right. Now that they know, Russian, Chinese, and ISIS hackers will be adding new features like crazy to OpenOffice Impress, all with the handy new feature of sending your deck to the cloud..........and more than one cloud...and more than you know about.

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  6. There's already -a lot- of OSS in DoD by david.emery · Score: 4, Interesting

    In 35 years in that business, I saw and used a lot of open source development tools, as well as in deployed software. Red Hat is a major provider of OS to DoD, including embedded in weapon systems. GNAT Ada is open source.

    And on my last project we kept 2 lawyers (one government, one prime contractor) busy nearly full-time evaluating various OSS licenses for our intended use. The GPL was a significant debate; most OSS licenses were deemed acceptable by both sides. In each case, we evaluated OSS and proprietary software for functionality, life-cycle costs, supportability, expected security/vulnerabilities, and made a decision that balanced these factors. Sometimes the OSS components won out, other times not. But there was a documented decision with rationale.

    In general, the choice of software was not a government decision, but a prime contractor decision. Not sure how much we want Congress dictating to contractors what they put into their products.

  7. Re:Has already seen this episode of the Soap Opera by uassholes · Score: 3, Informative

    "What happened to NSA Linux." https://en.wikipedia.org/wiki/...

  8. Not the point, but missing the point as well by jbn-o · Score: 3, Interesting

    That's fiction, as has been proven many times with the discovery of ancient zero days in software that's been open source for decades.

    Not only does that not follow (you have no idea who scrutinizes their copy of FLOSS, precisely because of the privacy FLOSS affords users), but you're missing a much more important point: FLOSS respects a user's ability to do things computer owners want their software to do but inherently can't trust proprietary software to carry out. Proprietary software can't be trusted because the users can't be sure it is doing what the users want and not doing what the users don't want (typically this means leaking information, opening backdoors, and implementing malware). It's not about guarantees, it's about the permission to exert as much control over one's own computers as one wishes. Proprietary software inherently doesn't grant that permission and FLOSS does. Couple that with a monied organization as big as the American federal government, and you have the ability to significantly increase control over their own computers.