
DoD Leads In Federal Open Source Usage

Soulskill posted more than 3 years ago | from the what-do-you-pick-when-it's-important dept.

Open Source 51

GMGruman writes "A new open technology report card shows that only a third of federal agencies get a passing grade on open source usage and contribution, with the Defense Department leading the way. Savio Rodrigues explains what both government and business can learn from the DoD's open source prowess."


Umm ... (2)

cgoodric (1311355) | more than 3 years ago | (#35106616)

So if the DoD is the leading user of open source software by the feds, how come, as a supplier of software to the DoD none of my company's development can be done overseas?

Re:Umm ... (4, Informative)

Nadaka (224565) | more than 3 years ago | (#35106710)

Because foreign nationals are not permitted to view sensitive information.

And your company can do development overseas, just not for the DoD.

The DoD makes extensive use of open source software and has policies in place governing (but not forbidding) employees' contributions to OS projects.

Re:Umm ... (3, Informative)

cgoodric (1311355) | more than 3 years ago | (#35106874)

Our software does data integration. While the software itself manages sensitive information, there's no sensitive information in the source code. I fail to see how letting foreign nationals develop open source software is somehow more secure than letting them develop ours. I don't believe the concern is letting DoD employees contribute to open source. I believe the concern is allowing foreign nationals to insert malicious code into software that is used at the DoD.

Re:Umm ... (5, Informative)

Nadaka (224565) | more than 3 years ago | (#35107044)

Every permitted open source project is thoroughly inspected and vetted before it is cleared for use.

Inserting malicious code is a concern, but it does not answer the question of why you cannot farm out DoD work to foreign shops.

The requirements and design of most DoD projects are classified as sensitive. The rules for sensitive material state that it may not be distributed to any foreign national.

Beyond that, there is a legal requirement for federal projects (and most state projects) that work be performed domestically. This is mostly for economic reasons.

As a contractor you REALLY ought to know this already.

Re:Umm ... (0)

Anonymous Coward | more than 3 years ago | (#35112750)

Thanks for the clarification.

As for why I don't know this, I work in the field as a consultant on commercial projects (basically anything that's not a federal or state project.) The whole idea of the federal government using open source software seemed a bit dumb to me. :)

Re:Umm ... (5, Informative)

DrgnDancer (137700) | more than 3 years ago | (#35107154)

It's like this. I can go online (as a contractor or a DoD employee, I've been both) and purchase or download COTS (Commercial Off The Shelf) software that was created anywhere. It's COTS and it's considered market vetted. If we can examine the source code (OSS) even better. Linux is fine and was fine even before Linus became a US citizen. It's considered COTS, the Linux Red Hat sells to the DoD is the same Linux they sell to Google or Ford or Bolivia. Same with say, SAMBA, even though Jeremy Allison is Australian.

On the other hand if I hire you to write custom code for the DoD then the requirements, documents, etc are all considered sensitive and you have to hire US citizens. If the government wanted a piece of software that was able to interface with Windows AD, for instance, (and they couldn't just use Samba for some reason) they couldn't hire Jeremy Allison to head up the effort even though he has a lot of experience from his work with Samba.

Re:Umm ... (1)

laptop006 (37721) | more than 3 years ago | (#35109156)

I'm pretty sure Jeremy's an American these days (or still British). You're thinking of Andrew Tridgell who is most certainly Australian.

Re:Umm ... (1)

DrgnDancer (137700) | more than 3 years ago | (#35114916)

Bah, you're right. My bad.

Re:Umm ... (1)

cgoodric (1311355) | more than 3 years ago | (#35112872)

OK, so our company's software IS what you define as COTS. It's in production use by a number of commercial entities such as BP, Deutsche Bank, General Motors, Wells Fargo, etc. By your definition we shouldn't have any trouble with the feds about offshore development. That being said, the vast majority of accounts require some customization to fit the customers' needs (similar to the way most databases require customization for customers' use: creating tables, developing procedure code, etc.) This is all done within the product's development environment (none of the core source code is touched) and all customization work is done by cleared personnel.

Re:Umm ... (1)

DrgnDancer (137700) | more than 3 years ago | (#35114972)

That sounds really odd, and I have no idea. Are you sure your company isn't misunderstanding the rules? The DoD uses tons of COTS code produced in other countries. Unless the database programming side of it is causing some weird rule interaction, I can't imagine why it would be a problem.

Re:Umm ... (1)

iccaros (811041) | more than 3 years ago | (#35107570)

Open source has to be vetted and checked before it is allowed to be used; most software I see being developed for DoD is really just for one group and they normally do not vet the code. But the use of foreign programmers is handled through the contract and FAR. Like we can use overseas programmers on our project, but the software has to be sent to the DoD test range before implemented; if we use cleared US programmers, they do no security checks. Is it right? No, all software should be checked, but it's the rules, and surprisingly we get in trouble if we go beyond the contract and implement a security check the Government did not ask for, as they will say we charged hours to unauthorized work.

Re:Umm ... (0)

Anonymous Coward | more than 3 years ago | (#35109218)

How is that surprising? They don't want it but they have to pay for it. I'd be pissed, too.

Re:Umm ... (1)

rtb61 (674572) | more than 3 years ago | (#35108828)

Lines of code, stop and think about that for a moment. When any country's DoD starts with open source, they can start with a fairly clean source that can be compared with the source being used by other countries' DoDs; everyone watches everyone else.

So you have a new submission to be inserted, not replacing all previous code, just a portion of it; this portion of course can be readily audited.

Closed source code is a huge problem for security; even when they get the code, they get millions of lines at once, which can take years to audit dependent upon the number of specialists put into the task. Now consider the contrary fiscal logic of DoD buying closed source code: they have to spend millions of dollars to audit code so that they can buy licences of that code one desk at a time, and those code audit costs for debugging and securing can be as expensive as writing the code in the first place.

Open source means at least after having spent the money on auditing the code for bugs and security they at least don't have to continue to spend money on licences, now that would be corruptly crazy. Also bear in mind those auditing costs can be shared across departments and even with allied countries, making it really cheap per desk.

Now closed source software corporations are fully aware of this which is why, they skulk around in the shadows making shady deals with people making the software procurement decisions to get unsecured, risky and expensive software in the door, all of it tied to permanent data retention lock in and, bull pucky retraining costs, typical corporate slime.

because... (0)

Anonymous Coward | more than 3 years ago | (#35106618)

...troops just use what they are told to use.

fbcb2 runs Solaris.

Passing grade? (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#35106664)

Once again the freetards are acting like they should be accept and, worse, expect something back from those that use their software.

If you're going to do open source you have to expect that people are going to give nothing back and that people will still continue to use closed source where it meets their needs.

Re:Passing grade? (-1)

Anonymous Coward | more than 3 years ago | (#35106742)

You get to call people 'tards, but they don't even get to state what they think is the right thing to do?

Why harbor such animosity against freetards? "Yay! Go immoral rich people that lock us in with proprietary shit! I want to become one too!"?

Silly person.

Re:Passing grade? (2)

tqk (413719) | more than 3 years ago | (#35107344)

Why harbor such animosity against freetards?

He's afraid his boss is going to see the logic of our arguments, and then he won't be able to explain everything away just by waving his hands around about viruses, malware, and crackers. Oh, and he'd need to learn to actually think about what he's doing, instead of wasting all his boss' time in MS-Project, Photoshop, Facebook, ...

Bogus summary (5, Informative)

Anonymous Coward | more than 3 years ago | (#35106688)

Most of the questions had to do not with using open source software but centered on transparent data access by the public, FOIA attitude, etc.

Read the linked executive summary and then go to the criteria page.

Re:Bogus summary (0)

Anonymous Coward | more than 3 years ago | (#35107222)

Does the site intentionally use the Democratic Party/Barack Obama color scheme?

Re:Bogus summary (1)

McGruber (1417641) | more than 3 years ago | (#35109026)

I concur. I work for one of the agencies that scored over 50% and we are completely locked-in to Microsoft products.

As you would expect, our systems are complete shit -- our only IT support people are clueless MSCE types, we constantly have downtime, all of our internal "institutional knowledge" is being moved into sharepoint, and my head is gonna explode the next time someone mentions the word Ribbon.

Re:Bogus summary (0)

Anonymous Coward | more than 3 years ago | (#35109670)

(Quoting Seinfeld)
Who doesn't want to wear Zee Reebon.....

NewsForge Did an interview some time back ... (4, Informative)

Sam Nitzberg (242911) | more than 3 years ago | (#35106696)

NewsForge did an interview some time back about Open Source and Defense...
http://samnitzberg.com/Papers/Why_open_source_works_for_weapons_and_defense__interview__JAN_2006.pdf

-- Sam

Obligatory Skynet reference (4, Funny)

zill (1690130) | more than 3 years ago | (#35106734)

I knew it! No proprietary software sweatshop could have churned out Skynet. Only the FOSS movement can produce something sublime enough to eradicate humanity.

Re:Obligatory Skynet reference (2)

Duradin (1261418) | more than 3 years ago | (#35107256)

The terminators would have been too busy debating GPL v2 vs. GPL v3 (when they all weren't yelling at the one BSD proponent to shut up) to get around to wiping out humanity, although I suppose you could count humanity's mass suicide to escape the inanity of it all as the machines' doing.

Re:Obligatory Skynet reference (0)

Anonymous Coward | more than 3 years ago | (#35109152)

That's why evil cyborgs invented OSX

it looks open
but is really a shiny metallic veneer designed to disguise pure evil

DON'T ARGUE! REALITY DISTORTION FIELD IN FULL EFFECT!

Re:Obligatory Skynet reference (2)

tqk (413719) | more than 3 years ago | (#35107396)

Only the FOSS movement can produce something sublime enough to eradicate humanity.

Terminator running Win* vs. Terminator running FLOSS? So, what actually happens when a Windows Terminator gets infected with malware? It starts saving the planet?

If you're Skynet, why take the chance?

Re:Obligatory Skynet reference (0)

Anonymous Coward | more than 3 years ago | (#35107734)

I knew it! No proprietary software sweatshop could have churned out Skynet. Only the FOSS movement can produce something sublime enough to eradicate humanity.

That's because if Skynet was Windows-based, humanity would end up eradicating itself out of sheer frustration!

Terminator source code (1)

mangu (126918) | more than 3 years ago | (#35109862)

The Terminator uses Apple II code [pagetable.com]. It was published in Nibble magazine so, yes, it is open source.

I for one am shocked! (3)

bsDaemon (87307) | more than 3 years ago | (#35106778)

I for one am shocked that the department which started ARPA then built the Internet around open standards and Berkeley Unix would be friendly to open source software. This is big news! Seriously though, I am slightly surprised that DOE didn't take the top slot.

Re:I for one am shocked! (0)

Anonymous Coward | more than 3 years ago | (#35107082)

...Seriously though, I am slightly surprised that DOE didn't take the top slot.

Department of Ecology? Department of Education? Department of the Environment? Department of Energy? =p

Re:I for one am shocked! (3, Funny)

nschubach (922175) | more than 3 years ago | (#35107246)

The Department of E involves everything that begins with the letter E.

It's the new naming scheme meant to simplify government. Codename: Sesame Street.

Re:I for one am shocked! (1)

AbrasiveCat (999190) | more than 3 years ago | (#35107090)

I for one avoid telling management and IT what OSs I am running for my research (when I can. Well they did make me get rid of the OpenBSD boxes I was using to protect an inner network. They got replaced with some cisco product.) So I am a little surprised if the survey is reflective of the research side of government.

Re:I for one am shocked! (4, Interesting)

cayenne8 (626475) | more than 3 years ago | (#35107214)

Well, it is a relatively NEW thing for the DoD to allow any open source software to be used on their networks. Just a few short years ago (5 or so), it was almost impossible to get them to use anything on any of the systems I was associated with. Solaris used to be the OS of choice for server rooms, and Oracle the database.

I've seen a LOT of Linux these days replacing Solaris...Oracle still rules the database as from my experience. I've wanted to try to get some dev to test out using postgres, which would be a natural open source alternative as that it mimics Oracle a great deal, not extremely hard to convert to from Oracle....and it does have scalability that I still believe eludes MySQL....

Whatever we have done...we always try to discourage windows and MSSQL from the server rooms. So far so good on most projects I've worked on.

But it took a LOT of effort to get the DoD and related branches of govt to start even to consider open source.

Re:I for one am shocked! (2)

jlechem (613317) | more than 3 years ago | (#35108176)

I agree, I worked as a USAF, DOD, and FEMA contractor. Open source was strictly VERBOTEN. They didn't like the unknown linking clause (that has been resolved? I don't follow open source that much) and they really didn't like anyone being able to see the code that was being used on their secure networks. I can see unclassified systems being able to use open source but nothing above classified.

Re:I for one am shocked! (0)

Anonymous Coward | more than 3 years ago | (#35126726)

Actually, the DOD doesn't have a problem with Open Source, they have a problem with software that isn't supported. Another problem is with copyleft licenses such as the GPL. I see the article mentioned avionics software that used a GPL-licensed compiler, GCC.

The FSF specifically says that if you link to the GPL code in any way that when you distribute that code then you must provide your software too -- making it open source. That will not work in most cases. So GPL and EPL are not good, Apache and similar licenses are ok. Red Hat's software has a different kind of license that isn't viral like that.

Re:I for one am shocked! (0)

Anonymous Coward | more than 3 years ago | (#35107884)

I for one am shocked that the department which started ARPA then built the Internet around open standards and Berkeley Unix would be friendly to open source software. This is big news! Seriously though, I am slightly surprised that DOE didn't take the top slot.

ARPA really is a teeny tiny part of the DoD.

Personally, if there's any large factor that drives it, I suspect it's that the bureaucracy is so inept at managing contracts and licenses. In a business, if you need database X and have the budget for it, if someone fucks up the purchase they stand a chance of losing their job. In military / government, you can put in a request for X, wait six months and get Y because someone decided you couldn't possibly need X without even asking you.

So, though it might be lacking features and though money might not be an issue, often times FLOSS is competing with nothing.

Leaving philosophy out of it, licenses and DRM and such have always been bad business, but the commercial guys are simply in denial about this.

Misleading Quote (2)

m_chan (95943) | more than 3 years ago | (#35106784)

Nowhere does the source article correlate the statistics to "passing" or not. The editorial article does.

"Said differently, only one-third of agencies and departments evaluated received a passing grade"

"Said differently" being the key phrase.

LoL (0)

Anonymous Coward | more than 3 years ago | (#35106790)

Yes we can learn, remember non random tcp sequence in linux and suspicions of backdoors in openbsd.

Good... (0)

Anonymous Coward | more than 3 years ago | (#35106904)

Can they pass this down from the top level to the other 99% of the DOD now? We are regularly turned down for IA approval on applications BECAUSE they are open source, only recently have apache and firefox been allowed. In the AFMC at least we have to hunt for months and pay $50k for a program that can diff folder structures...

Re:Good... (3, Informative)

DrgnDancer (137700) | more than 3 years ago | (#35107250)

Sounds like a G-6 (or whatever the communications office at your approval authority level is called) issue. DoD is rife with OSS. I'm a senior systems person at a DoD lab that is almost entirely Linux. Most of the Army's new tactical computer (brigade and below) war-fighting systems are Solaris. The version they use may not be entirely open source (though it might be, I don't know), but it's full of OSS components. Firefox has been allowed everywhere I've worked (as a contractor) or served (as a soldier). DoD as a whole is very OSS friendly and has been for ~the last eight to ten years or so.

Re:Good... (2)

Nadaka (224565) | more than 3 years ago | (#35107392)

The approval process for open source projects takes time. Months, often years. If an open source product is asked for enough, it will be inspected and approved eventually if no major concerns are found.

Sea change (4, Informative)

wiredlogic (135348) | more than 3 years ago | (#35106930)

This is a dramatic change from the state of affairs ten years ago when the idea of running Linux and using open source in a secure environment would get you laughed out of the room. MITRE produced a white paper [mitre.org] back then that has slowly helped to put the gears of change in motion.

Figures (0)

Anonymous Coward | more than 3 years ago | (#35107156)

The department that kills people uses open source, the department that helps the poor uses closed source.

Re:Figures (1)

tqk (413719) | more than 3 years ago | (#35107486)

The department that kills people uses open source, the department that helps the poor uses closed source.

In theory at least, it's called the Defence Department, not "the department that kills people."

As for the one that "helps the poor", what else should they be wasting their money on, the poor?!? What, you want that dept. to actually get something done?!?

I wish to hell that either of them would hire me to show how easy and robust this stuff is. In my dreams.

Does this really surprise anyone?!?!?!? (1)

Schmyz (1265182) | more than 3 years ago | (#35107894)

For years the common workers at the DOD have had to hack and steal software to get the job done...why wouldn't they use an open source??? I have a buddy that has told me the submarine he is on is always using boosted software.

Re:Does this really surprise anyone?!?!?!? (1)

Jaxoreth (208176) | more than 3 years ago | (#35109250)

I have a buddy that has told me the submarine he is on is always using boosted software.

Well, it's not like the BSA can bust in and conduct a surprise raid on a submarine.

Re:Does this really surprise anyone?!?!?!? (1)

matthewd.net (1119425) | more than 3 years ago | (#35110910)

Gotta watch those EULAs...

Red Hat (1)

MyCookie (1983480) | more than 3 years ago | (#35108904)

Hey, wasn't it the DoD who said a while back that they are "the single largest customer base for Red Hat Enterprise Linux"? Props to them!

Well, they did invent Open Source after all (0)

Anonymous Coward | more than 3 years ago | (#35123912)

It was the DoD who asked for MULTICS to be open source so they could audit the code, for obvious reasons. They are also the ones who came up with the Orange Book, so it's no surprise they are still doing the same thing.
