Security News > 2003 > June > Defense Department Issues Open Source Policy
http://www.internetnews.com/dev-news/article.php/2216311 By Thor Olavsrud June 3, 2003 The U.S. Department of Defense (DoD) last week distributed a memo putting open source software on a level playing field with proprietary software when it comes to use within the department, though the memo also warned that those using open source software (OSS) must comply with "lawful licensing requirements" and be aware of what those licenses entail. The DoD is a user of both open source and proprietary software, ranging from Linux and BSD on the open end, to Unices and Windows on the proprietary end. The memo eases fears that the military might ban use of the GNU General Public License (GPL). Providing a description of open source licenses and licensing requirements, including a specific focus on the GPL, the memo, written by John Stenbit, chief information officer and assistant secretary for Command, Control, Communications and Intelligence Defense Department, noted, "The Linux operating system is an example of an operating system used in DoD that is licensed under the GPL." Stenbit also used the memo to remind recipients that any "DoD Components" who acquire, use or develop OSS must make sure that the software complies with the same DoD policies governing Commercial Off the Shelf (COTS) and Government Off the Shelf (GOTS) software. "This includes, but is not limited to, the requirements that all information assurance (IA) or IA-enabled IT hardware, firmware and software components or products incorporated into DoD information systems, whether acquired or originated within DoD: 1. Comply with the evaluation and validation requirements of National Security Telecommunications and Information Systems Security Policy Number 11, and; 2. be configured in accordance with DoD-approved security configuration guidelines available at http://iase.disa.mil/ and http://www.nsa.gov/." Stenbit also urged anyone considering OSS within DoD to understand the ramifications of its use. "DoD Components acquiring, using or developing OSS must comply with all lawful licensing requirements," he said. "As licensing provisions may be complex, the DoD Components are strongly encouraged to consult their legal counsel to ensure that the legal implications of the particular license are fully understood." Open source licenses often require modifiers and distributors of the code to make their source code available, publish a copyright notice, place a disclaimer of warranty on distributed copies and give recipients of the program a copy of the license. The GPL, which governs the Linux open source operating platform, is a particularly strict open source license which requires anyone that distributes code they have modified to make the source code available when distributing the original binary code or derivatives. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.