NSA: Open source provides extreme security at lower cost

Open source provides the NSA with a way to develop highly secure software at a fraction of the cost of proprietary approaches.

In one of the biggest testaments yet to open source's security credentials, and to its ability to deliver security at lower cost, the US National Security Agency (NSA) has turned to open source to create part of the Tokeneer System. The Tokeneer System is a biometric security software system, but that isn't why it's significant.

No, open sourcing part of the Tokeneer System is significant because it "shows that highly dependable software can be developed cost-effectively," as noted by Martyn Thomas of Oxford University. The same or better security than proprietary approaches...for much less.

For those who continue to cling to the principle that security is best achieved through obscurity, the US's most secretive agency has a response: open source is better.

The unprecedented release of the project into the open source community aims to demonstrate how highly secure software can be developed cost-effectively, improving industrial practice and providing a starting point for teaching and academic research. Originally showcased in a conference paper in 2006, it has the long-term aim of improving the development practices of NSA's contractors. Tokeneer was created as a fixed-price project, taking just 260 person days to create nearly 10,000 lines of high-assurance code, achieving lower development costs than traditional methods per line of code.

This result should not be underestimated. As Professor Daniel Jackson of MIT Computer Science Lab suggests, "Finally, we have a full and open example of a development from a world leader in high integrity systems." In other words, this is a significant proof point from an established security leader that open source can deliver industry-leading security at lower cost than standard procedures.

In a booming market, perhaps this wouldn't matter. But the market is not booming. If anything, it's headed to a bust. As such, open-source principles are critical to ensuring that governments and enterprises can stretch budgets to the maximum.

About the author

Matt Asay is chief operating officer at Canonical, the company behind the Ubuntu Linux operating system. Prior to Canonical, Matt was general manager of the Americas division and vice president of business development at Alfresco, an open-source applications company. Matt brings a decade of in-the-trenches open-source business and legal experience to The Open Road, with an emphasis on emerging open-source business strategies and opportunities. He is a member of the CNET Blog Network and is not an employee of CNET. You can follow Matt on Twitter @mjasay.

     
