Defending the use of open source
A report reveals just how much the Department of Defense depends on open-source software and recommends steps to ensure that open source is recognized and accepted.
Mitre, a not-for-profit engineering and IT organization that works with the federal government, has recommended that the Department of Defense take steps to encourage the use of open-source software in the department's infrastructure.
The report published Monday found that what it calls free and open-source software (FOSS) "plays a more critical role in the (Defense Department) than has been generally recognized." The report also noted that if open source were banned, the department's security would plummet and costs would rise sharply.
Mitre's report addresses the increasingly urgent issue regarding what stance governments should take with regard to open-source software. Because it is freely distributable, open-source software has often come into wide use within governments without having to be officially endorsed.
Recently, proprietary software companies such as Microsoft have labeled open-source software a threat and have called its use into question. At the same time, some governments, such as those of France and Germany, have begun encouraging open-source procurement as a way of limiting their dependence on proprietary software makers and of stimulating local software development.
Software distributed under open-source licenses can be freely modified and redistributed, as long as the modifications are returned to the community. This autonomy from the software vendor is useful for the Defense Department because it speeds the process of responding to threats, Mitre said, but it also creates ambiguities.
"The combination of an ambiguous status and largely ungrounded fears that it cannot be used with other types of software are keeping FOSS from reaching optimal levels of use," the report said.
To solve the problem, Mitre recommends that the department create a "generally recognized as safe" list recognizing widely used, reliable open-source software such as Apache, Linux and the GCC compiler. The department should also encourage the use of proprietary software that works well with open-source, the use of the GNU General Public License in some cases and the use of open-source software generally to improve research efficiency and commercial innovation, said the report.
Mitre's report also said that open-source software should be used to promote product diversity, an increasing concern as Microsoft's Windows software becomes more and more dominant. "Acquisition diversity reduces the cost and security risks of being fully dependent on a single software product, while architectural diversity lowers the risk of catastrophic cyberattacks based on automated exploitation of specific features or flaws of very widely deployed products," the report said.
The group noted that some proprietary software licenses, such as Microsoft's MIT end user license agreement, would effectively ban open-source software if they were widely used. Besides the security implications, Mitre said, such a move would hurt the Defense Department's research and software development capabilities, as well as its ability to support Web and Internet-based applications.
ZDNet UK's Matthew Broersma reported from London.