Information Security News mailing list archives

Defense Department Issues Open Source Policy


From: InfoSec News <isn () c4i org>
Date: Wed, 4 Jun 2003 02:36:10 -0500 (CDT)

http://www.internetnews.com/dev-news/article.php/2216311

By Thor Olavsrud 
June 3, 2003 

The U.S. Department of Defense (DoD) last week distributed a memo
putting open source software on a level playing field with proprietary
software when it comes to use within the department, though the memo
also warned that those using open source software (OSS) must comply
with "lawful licensing requirements" and be aware of what those
licenses entail.

The DoD is a user of both open source and proprietary software,
ranging from Linux and BSD on the open end, to Unices and Windows on
the proprietary end. The memo eases fears that the military might ban
use of the GNU General Public License (GPL).

Providing a description of open source licenses and licensing
requirements, including a specific focus on the GPL, the memo, written
by John Stenbit, chief information officer and assistant secretary for
Command, Control, Communications and Intelligence Defense Department,
noted, "The Linux operating system is an example of an operating
system used in DoD that is licensed under the GPL."

Stenbit also used the memo to remind recipients that any "DoD
Components" who acquire, use or develop OSS must make sure that the
software complies with the same DoD policies governing Commercial Off
the Shelf (COTS) and Government Off the Shelf (GOTS) software.

"This includes, but is not limited to, the requirements that all
information assurance (IA) or IA-enabled IT hardware, firmware and
software components or products incorporated into DoD information
systems, whether acquired or originated within DoD: 1. Comply with the
evaluation and validation requirements of National Security
Telecommunications and Information Systems Security Policy Number 11,
and; 2. be configured in accordance with DoD-approved security
configuration guidelines available at http://iase.disa.mil/ and
http://www.nsa.gov/."

Stenbit also urged anyone considering OSS within DoD to understand the
ramifications of its use. "DoD Components acquiring, using or
developing OSS must comply with all lawful licensing requirements," he
said. "As licensing provisions may be complex, the DoD Components are
strongly encouraged to consult their legal counsel to ensure that the
legal implications of the particular license are fully understood."

Open source licenses often require modifiers and distributors of the
code to make their source code available, publish a copyright notice,
place a disclaimer of warranty on distributed copies and give
recipients of the program a copy of the license. The GPL, which
governs the Linux open source operating platform, is a particularly
strict open source license which requires anyone that distributes code
they have modified to make the source code available when distributing
the original binary code or derivatives.



-
ISN is currently hosted by Attrition.org
