Open Source In the National Interest

munchola writes "A new report from the Department of Defense's Advanced Systems and Concepts Office recommends that the DoD move to adopt open source software and methodologies as well as open standards in order to make the most efficient use of internal resources. According to CBR, the report states that a move to 'Open Technology Development' is not only in the U.S. national interest, but in the interests of U.S. national security. OTD incorporates open source methodologies and open standards, but also takes into account the fact that the DoD has systems that it would rather keep secret."

Re:The anti-OSS people do have one point.

[Peter Mork]

The solution for OSS is simple. Any OSS software that goes into a Command and Control system needs to have it's source code audited by an independent authority.

Unfortunately, it's not as simple as auditing the source code. You also need to have complete control over the compiler, as implemented in machine code. For example, see Ken Thompson's comments [acm.org] on how to imbed self-replicating code into a compiler so that every program has a back door.

They've been using OSS for years

[LWGLIN]

Granted, I'm not talking about Command and Control systems, but the DoD has been using OS Software for years now. I know because they are using iText [lowagie.com] to produce billions of PDF documents. I have been mailing with DoD developers regularly in the past (and neither I, nor my product is American). It's not as if they have changed their mind about OSS overnight. The remarkable thing is that they are now coming out with a policy about OSS, and that they are considering to use it on a larger scale. (Yes, we're talking about Operating Systems now!)

Re:This all makes now but...

[Beryllium Sphere(tm)]

Does the Advanced Systems & Concepts office carry so much weight that the DoD as a whole can't simply pretend the report never happened?

We use open source in NM state gov.

[spun]

I work for the Child, Youth and Family Development department. We use Windows on the desktop, Novell as our file server and SuSE Linux for everything else. Currently we are transitioning away from HPUX to an IBM BladeCenter environment running VMWare and SuSE. We have one major application and several minor ones. The major app, a client tracking system, was developed in house and runs Sybase as a back end. Eventually we plan on porting it to use Postgres and releasing it as open source so that anyone in need of a client tracking system can use it.

This is the real beauty of open source in government, not leveraging the work of others by running open source systems, but leveraging the large development force that most governments have to share in house apps wit less of the usual inter-agency squabbling. An agency that might be wary of using a non open source application developed by a rival agency will be less wary of using an open source app that just happens to be developed by said rival. Instead of reinventing the wheel, in house development staff can cooperate with other staff in other agencies.

That the DoD would recommend open source is exciting, because it really is a good fit for government agencies. Believe it or not, our little state government IT department is better run and more on the ball than most IT departments that I have worked for in big corporations. Moving to Linux hosted on blades running VMWare has freed up a lot of resources to plan for the future that used to be used in just putting out fires.

Actual Report

[MrCopilot]

79 page .pdf http://www.acq.osd.mil/actd/articles/OTDRoadmapFin al.pdf [osd.mil]

Haven't made it through the whole thing yet, but FTR:
The business model of purchasing physical goods and services has served DoD well in the past; but it falls short when applied to software acquisition. By treating DoD-developed software code as a physical good, DoD is limiting and restricting the ability of the market to compete for the provision of new and innovative solutions and capabilities. By enabling industry to leverage an open code development model, DoD would provide the market incentives to increase the agility and competitiveness of the industrial base. Currently within DoD, there is no internal distribution policy or mechanism for DoD developed and paid for software code. By not enabling internal distribution, DoD creates an arbitrary scarcity of its own software code, which increases the development and maintenance costs of information technology across the Department. Other negative consequences include lock-in to obsolete proprietary technologies, the inability to extend existing capabilities in months vs. years, and snarls of interoperability that stem from the opacity and stove-piping of information systems.

Absolutely.

There are over 100,000 publicly available open source projects available spanning most functional areas.4 Many of these projects provide mature and robust solutions in their areas of focus. When possible, OSS components should be leveraged rather than funding the development of equivalent proprietary components for specific programs.

Damn Skippy!.

Challenges Culture and Process The primary challenges to this transition will be cultural, not technical. Over time, government acquisitions and development processes have built a bureaucracy and rewards system that encourages and supports the status quo. Careers are advanced primarily on program size, not necessarily overall efficiency. Furthermore, government contractors are measured by revenue; government program managers are measured by the size of their organization and their overall budget. The canonical government contracting process creates high entry costs for small innovative companies -- the established contractors attempt to control their positions through proprietary implementations and interfaces. The system is very good at protecting itself -- new approaches, such as OTD, will have to endure legal, security, and process challenges. The current infrastructure will attempt to delay change, claim they are adapting by trying to assume control of the innovative process.

My Favorite Quote is in the DOD report.
There is one thing stronger than all the armies in the world, and that is an idea whose time has come.
-- Victor Hugo

All in All, I'd say the guy in charge of this report knows his stuff and I for one, welcome our new OSS-using DOD overlords.

Re:"Always remember...

[liliafan]

I will believe it when I see it, I just got told in no uncertain terms by our site IT security officer that:

"Nessus is unapproved software, we only allow xxxxxx(closed source) security scans to lock down your UNIX servers"

Yes I work for the DoD.