Navy Now Mandated To Consider FOSS As an Option
lisah writes "In a memorandum handed down from Department of the Navy CIO John Carey this week, the Navy is now mandated to consider open source solutions when making new software acquisitions. According to John Weathersby, executive director of the Open Source Software Institute, this is the first in a series of documents that will also address 'development and distribution issues regarding open source within Navy IT environments.'"
Yeah, and the USAF uses ADA (Score:4, Interesting)
So to me the announcement means nothing. Military doesn't always eat its own dog food.
Re:Inconceivable! (Score:3, Interesting)
Re:Finally! An F-22 Problem? (Score:3, Interesting)
What happens when it crosses the International Dateline? [defenseindustrydaily.com]
Consider eh? (Score:2, Interesting)
Before, the navy had no idea under what label they were supposed to put open source software, so they didn't consider it (out of laziness?). Now open source is defined as a commercial item, so the navy can purchase it the same way they do with other software.
However this doesn't seem to in any way prevent the large companies from doing what they always do. Just bribe the officials responsible for deciding what software/hardware to use and get them to make the navy pay for their expensive useless stuff.
I doubt we'll see any great rise in the amount of open source software used in the navy just yet. It's a fairly big step in the right direction though. I would seriously not have thought that one of the big difficulties of using open source was defining it for your paperwork o.O
Why the Navy wants FOSS (Score:4, Interesting)
GPLv3, new clause (Score:1, Interesting)
Re:Great! This is what you have to do (Score:5, Interesting)
When you consider that you can build role-based access controls that can migrate with applications across clusters, when network connection types, network bandwidth, shared memory and inter-process communication have mandatory access controls, you really begin to see just how pathetically limited generally-available OSes really are. There's no reason for it - there's nothing that prevents a widely-available system from being harder than a diamond-encrusted pulsar.
The reason that nobody bothers much with making OSes secure is that the DoD has long proved (by buying Windows and by failing their security audits) that security doesn't matter enough to be worth the effort. Security to this level costs big money, and only the really big corporations can afford the costs or have the market to pay for it. Companies can lose hundreds of thousands of credit cards and maybe get rapped knuckles - if they're even discovered. Only one State requires reporting - but plenty of other places have e-Commerce. System crackers - black hats especially - are a pervasive part of society with no serious effort to secure networks against them.
If the money did exist, if there was serious interest in serious prevention, host intrusion detection wouldn't be MD5 checksums (which were beaten soundly, according to the Internet Auditing Project). Plain-text passwords wouldn't exist. One-time pads and public-key encryption would be the only way to log onto Slashdot or any other web service. Zombies, Trojans and Viruses would be found in technology museums, under "extinct electronic lifeforms". If a disk drive with tens of millions of credit cards or social security numbers went missing, in a secure world that would be cause for a few minutes' downtime to replace what was lost, rather than a few weeks or months of running round in circles doing nothing.
You see any of that happening? No? Then security is still regarded as an optional extra, not as a fundamental design requirement, and will never reach its true potential. Furthermore, agencies will continue buying/copying OSes based on ease of initial deployment and not on whether it'll protect the data sufficiently.
Re:Why the Navy wants FOSS (Score:3, Interesting)
Now, imagine a similar situation involving software
I can't. Are you familiar with the WW2-era Seabees? They weren't necessarily your teenage volunteers/draftees. Many were "old men" in their 30s and 40s who the Navy would have turned away due to their "advanced age"; however, these "old men" had many years of experience in construction, engineering and related disciplines, so the Navy made an exception for the Seabees. So most of the people hacking away on FOSS would not be a similar fit experience-wise, quality-product-wise, etc.
Re:Cool!! (Score:4, Interesting)
No, this would not require a broader source release. Contrary to common belief, the GPL does not require that source must be published to the world when software covered by the GPL is distributed, only that the source is distributed along with the binary under the GPL. The recipient is free to publish though, so there is usually not much to gain by only distributing to your customers.
Parts of the Navy are way ahead of him already (Score:2, Interesting)
My only fear is that all of our efforts will go for nothing when some doofus admiral says, "Vendor X says he can do it cheaper. Drop everything and go prove that you really know what you're doing." Yup. All of my team's work grinds to a halt for 3 months while we pursue a damn wild goose chase to justify that we're more trustworthy than a retired O-6 who's now a salesman.
Wish us luck. We'll bloody well need it.
Re:Why the Navy wants FOSS (Score:3, Interesting)