Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Open Source United States Government News Technology

DoD Leads In Federal Open Source Usage 51

GMGruman writes "A new open technology report card shows that only a third of federal agencies get a passing grade on open source usage and contribution, with the Defense Department leading the way. Savio Rodrigues explains what both government and business can learn from the DoD's open source prowess."
This discussion has been archived. No new comments can be posted.

DoD Leads In Federal Open Source Usage

Comments Filter:
  • So if the DoD is the leading user of open source software by the feds, how come, as a supplier of software to the DoD none of my company's development can be done overseas?
    • Re:Umm ... (Score:5, Informative)

      by Nadaka ( 224565 ) on Friday February 04, 2011 @03:37PM (#35106710)

      Because foreign nationals are not permitted to view sensitive information.

      And your company can do development overseas, just not for the DoD.

      The DoD makes extensive use of open source software and has policies in place governing (but not forbidding) employees contributions to OS projects.

      • Re: (Score:3, Informative)

        by cgoodric ( 1311355 )
        Our software does data integration. While the software itself manages sensitive information, there's no sensitive information in the source code. I fail to see how letting foreign nationals develop open source software is somehow more secure than letting them develop ours. I don't believe the concern is letting DoD employees contribute to open source. I believe the concern is allowing foreign nationals to insert malicious code into software that is used at the DoD.
        • Re:Umm ... (Score:5, Informative)

          by Nadaka ( 224565 ) on Friday February 04, 2011 @04:24PM (#35107044)

          Every permitted open source project is thoroughly inspected and vetted before it is cleared for use.

          Inserting malicious code is a concern, but it does not answer the question why you can not farm out DoD work to foreign shops.

          The requirements and design of most DoD projects are classified as sensitive. The rules for sensitive material state that it may not be distributed to any foreign national.

          Beyond that, there is a legal requirement for federal projects (and most state projects) that work be performed domestically. This is mostly for economic reasons.

          As a contractor you REALLY aught to know this already.

        • Re:Umm ... (Score:5, Informative)

          by DrgnDancer ( 137700 ) on Friday February 04, 2011 @04:37PM (#35107154) Homepage

          It's like this. I can go online (as a contractor or a DoD employee, I've been both) and purchase or download COTS (Commercial Off The Shelf) software that was created anywhere. It's COTS and it's considered market vetted. If we can examine the source code (OSS) even better. Linux is fine and was fine even before Linus became a US citizen. It's considered COTS, the Linux Red Hat sells to the DoD is the same Linux they sell to Google or Ford or Bolivia. Same with say, SAMBA, even though Jeremy Allison is Australian.

          On the other hand if I hire you to write custom code for the DoD then the requirements, documents, etc are all considered sensitive and you have to hire US citizens. If the government wanted a piece of software that was able to interface with Windows AD, for instance, (and they couldn't just use Samba for some reason) they couldn't hire Jeremy Allison to head up the effort even though he has a lot of experience from his work with Samba.

          • I'm pretty sure Jeremy's an American these days (or still British). You're thinking of Andrew Tridgell who is most certainly Australian.

          • OK, so our company's software IS what you define as COTS. It's in production use by a number of commercial entities such as BP, Deuchebank, General Motors, Wells Fargo, etc. By your definition we shouldn't have any trouble with the feds about offshore development. That being said, the vast majority of accounts require some customization to fit the customers' needs (similar to the way most databases require customization for customers' use: creating tables, developing procedure code, etc.) This is all done
            • That sounds really odd, and I have no idea. Are you sure your company isn't misunderstanding the rules? The DoD uses tons of COTS code produced in other countries. Unless the database programming side of it is causing some weird rule interaction, I can't imagine why it would be a problem.

        • by iccaros ( 811041 )
          open source has to be vetted and checked before it is allowed to be used, most software I see being developed for DoD, is really just for one group and they normally do not vet the code. But the use of foreign programmers is handled thought the contact and FAR. Like we can use over seas programmers on our project, but the software has to be sent to the DoD test range before implemented, if we use cleared US programmers, they do no security checks. Is it right.. no all software should be checked but its the
        • by rtb61 ( 674572 )

          Lines of code, stop and think about that for a moment. When any countries DoD starts with open source, they can start with a fairly clean source, that can be compared with the source being used by other countries DoD, everyone watches everyone else.

          So you have a new submission to be inserted, not replacing of all previous code just s portion of it, this portion of course can be readily audited.

          Closed source code is a huge problem for secure, even when they get the code, they get millions of lines at on

  • Bogus summary (Score:5, Informative)

    by Anonymous Coward on Friday February 04, 2011 @03:34PM (#35106688)

    Most of the questions had to do not with using open source software but centered on transparent data access by the public, FOIA attitude, etc.

    Read the linked executive summary and then go to the criteria page.

    • I concur. I work for one of the agencies that scored over 50% and we are completely locked-in to Microsoft products.

      As you would expect, our systems are complete shit -- our only IT support people are clueless MSCE types, we constantly have downtime, all of our internal "institutional knowledge" is being moved into sharepoint, and my head is gonna explode the next time someone mentions the word Ribbon.

  • by Sam Nitzberg ( 242911 ) on Friday February 04, 2011 @03:35PM (#35106696)

    NewsForge did an interview some time back about Open Source and Defense...
    http://samnitzberg.com/Papers/Why_open_source_works_for_weapons_and_defense__interview__JAN_2006.pdf

    -- Sam

  • by zill ( 1690130 ) on Friday February 04, 2011 @03:41PM (#35106734)
    I knew it! No proprietary software sweatshop could have churned out Skynet. Only the FOSS movement can produce something sublime enough to eradicate humanity.
    • The terminators would have been busy too debating GPL v2 vs. GPL v3 (when they all weren't yelling at the one BSD proponent to shut up) to get around to wiping out humanity, although I suppose you could count humanity's mass suicide to escape the inanity of it all as the machines' doing.

    • by tqk ( 413719 )

      Only the FOSS movement can produce something sublime enough to eradicate humanity.

      Terminator running Win* vs. Terminator running FLOSS? So, what actually happens when a Windows Terminator gets infected with malware? It starts saving the planet?

      If you're Skynet, why take the chance?

    • The Terminator uses Apple II code [pagetable.com]. It was published on Nibble magazine so, yes, it is open source.

  • by ciaran_o_riordan ( 662132 ) on Friday February 04, 2011 @03:45PM (#35106776) Homepage

    The US DoD even gave FSF an endorsement of free software for fsf.org:

    http://www.fsf.org/working-together/profiles/department-of-defense [fsf.org]

    Others:
    http://www.fsf.org/working-together/whos-using-free-software [fsf.org]

  • by bsDaemon ( 87307 ) on Friday February 04, 2011 @03:46PM (#35106778)

    I for one an shocked that the department which started ARPA then built the Internet around open standards and Berkeley Unix would be friendly to open source software. This is big news! Seriously though, I am slightly surprised that DOE didn't take the top slot.

    • I for one avoid telling management and IT what OSs I am running for my research (when I can. Well they did make me get rid of the OpenBSD boxes I was using to protect an inner network. They got replaced with some cisco product.) So I am a little surprised if the survey is reflective of the research side of government.
      • by cayenne8 ( 626475 ) on Friday February 04, 2011 @04:46PM (#35107214) Homepage Journal
        Well, it is a relatively NEW thing for the DoD to allow any open source software to be used on their networks. Just a few short years ago (5 or so), it was almost impossible to get them to use anything on any of the systems I was associated with. Solaris used to be the OS of choice for server rooms, and Oracle the database.

        I've seen a LOT of Linux these days replacing Solaris...Oracle still rules the database as from my experience. I've wanted to try to get some dev to test out using postgres, which would be a natural open source alternative as that it mimics Oracle a great deal, not extremely hard to convert to from Oracle....and it does have scalability that I still believe elludes MySQL....

        Whatever we have done...we always try to discourage windows and MSSQL from the server rooms. So far so good on most projects I've worked on.

        But it took a LOT of effort to get the DoD and related branches of govt to start even to consider open source.

        • by jlechem ( 613317 )
          I agree, I worked as a USAF, DOD, and FEMA contractor. Open source was strictly VERBOTTEN. They didn't like the unknown linking clause (that has been resolved?, I don't follow open source that much) and they really didn't like anyone being able to see the code that was being used on their secure networks. I can see unclassified systems being able to use open source but nothing above classified.
  • by m_chan ( 95943 ) on Friday February 04, 2011 @03:47PM (#35106784) Homepage
    No where does the source article correlate the statistics to "passing" or not. The editorial article does.

    Said differently, only one-third of agencies and departments evaluated received a passing grade"

    "Said differently" being the key phrase.

  • Sea change (Score:5, Informative)

    by wiredlogic ( 135348 ) on Friday February 04, 2011 @04:09PM (#35106930)

    This is a dramatic change from the state of affairs ten years ago when the idea of running Linux and using open source in a secure environment would get you laughed out of the room. MITRE produced a white paper [mitre.org] back then that has slowly helped to put the gears of change in motion.

  • For years the common workers at the DOD have had to hack and steal software to get the job done...why wouldnt they use an open source??? I have a buddy that has told me the submarine he is on is always using boosted software.
  • Hey, wasn't it the DoD who said a while back that they are "the sigle largest customer base for Red Hat Enterprise Linux"? Props to them!

Genius is ten percent inspiration and fifty percent capital gains.

Working...