Open Source Software FAQ

Frequently Asked Questions regarding Open Source Software (OSS) and the Department of Defense (DoD)

This page is an educational resource for government employees and government contractors to understand the policies and legal issues relating to the use of open source software (OSS) in the Department of Defense (DoD). The information on this page does not constitute legal advice and any legal questions relating to specific situations should be referred to legal counsel. A collaborative version of this document is published in Intellipedia-U at https: //www. Open? The 1. 6 October 2. DoD CIO, .

Careful legal review is required to determine if a given license is really an open source software license. The following organizations examine licenses; licenses should pass at least the first two industry review processes, and preferably all of them, else they have a greatly heightened risk of not being an open source software license:

In practice, nearly all open source software is released under one of a very few licenses that are known to meet this definition. These licenses include the MIT license, revised BSD license (and its 2-clause variant), the Apache 2. GNU Lesser General Public License (LGPL) versions 2. GNU General Public License (GPL) versions 2 or 3. Using a standard license simplifies collaboration and eliminates many legal analysis costs.

Q: What are synonyms for open source software?

The DoD has chosen to use the term .

Q: What are antonyms for open source software?

Commercially-available software that is not open source software is typically called proprietary or closed source software.

Q: Is this related to ?

In the Intelligence Community (IC), the term . In software, . At this time there is no widely-accepted term for software whose source code is available for review but does not meet the definition of open source software (due to restrictions on use, modification, or redistribution). Such software could be described as . Obviously, software that does not meet the definition of open source software is not open source software.

OSS and DoD Policy

Q: What policies address the use of open-source software in the Department of Defense?

The following policies apply:

The DoD CIO issued a memorandum titled .

The Department of Navy CIO issued a memorandum with guidance on open source software on 5 Jun 2. This memorandum only applies to Navy and Marine Corps commands, but may be a useful reference for others. This memo is available at http: //www. Policy. View. aspx? ID=3. 12 .

The Open Technology Development Roadmap was released by the office of the Deputy Under Secretary of Defense for Advanced Systems and Concepts, on 7 Jun 2. It is available at http: //www. OTDRoadmap. Final.

The Office of Management and Budget issued a memorandum providing guidance on software acquisition which specifically addressed open source software on 1 Jul 2. It may be found at http: //www.

US Army Regulation 2. This regulation only applies to the US Army, but may be a useful reference for others. The regulation is available at http: //www.

In nearly all cases, OSS is commercial software, so the policies regarding commercial software continue to apply to OSS.

Q: Isn’t using open source software forbidden by DoD Information Assurance Policy?

This misconception comes from a misinterpretation of DoD Instruction 8. 50. “Information Assurance (IA) Implementation”, Enclosure 4, control DCPD-1. The control in question reads:

DCPD-1 Public Domain Software Controls. Binary or machine executable public domain software products and other software products with limited or no warranty such as those commonly known as freeware or shareware are not used in DoD information systems unless they are necessary for mission accomplishment and there are no alternative IT solutions available. Such products are assessed for information assurance impacts, and approved for use by the DAA. The assessment addresses the fact that such software products are difficult or impossible to review, repair, or extend, given that the Government does not have access to the original source code and there is no owner who could make such repairs on behalf of the Government.

This control is intended to limit the use of certain kinds of “binary or machine executable” software when “the Government does not have access to the original source code”. As clarified in the 2. DoD CIO Memorandum, this control does not prohibit the use of open source software, since with open source software the government does have access to the original source code.

In the Desktop Application STIG version 3, release 1 (0. March 2. 00. 7); in its section 2. DCPD-1 does not apply to open source software, for this very reason. The STIG first notes that . DoD no longer requires that operating system software be obtained through a valid vendor channel and have a formal support path, if the source code for the operating system is publicly available for review. It notes in particular that three cases for software are acceptable:

A utility that has publicly available source code is acceptable.
A commercial product that incorporates open source software is acceptable because the commercial vendor provides a warranty.
Vendor supported open source software is acceptable.

The DISA STIG also notes . A utility that comes compiled and has no warranty is not acceptable.

General information about OSS

Q: Is open source software commercial software?

Open source software that has at least one non-governmental use, and has been or is available to the public, is commercial software. If it is already available to the public and is used unchanged, it is usually COTS.

Code Title 4. 1, Chapter 7, Section 4. Thus, as long as the software has at least one non-governmental use, software released (or offered for release) to the public is a commercial item for procurement purposes. Similarly, U.S. Code Title 4. Chapter 7, Section 4. Thus, OSS available to the public and used unchanged is normally COTS.

These definitions in U.S. DFARS 2. 52. 2. Rights in Noncommercial Computer Software and Noncommercial Computer Software Documentation defines . OSS projects typically seek financial gain in the form of improvements. Code Title 1. 7, section 1. OSS licenses and projects clearly approve of commercial support.

Q: Why is it important to understand that open source software is commercial software?

It is important to understand that open source software is commercial software, because there are many laws, regulations, policies, and so on regarding commercial software. Failing to understand that open source software is commercial software would result in failing to follow the laws, regulations, policies, and so on regarding commercial software.
In particular, U.S. 1. 0 USC 2. 37. This is particularly the case where future modifications by the U.S.

Do not mistakenly use the term . As noted above, in nearly all cases, open source software is considered . DFARS 2. 52. 2. 27- 7. In addition, important open source software is typically supported by one or more commercial firms. Also, do not use the terms . DoD Instruction 8. “Information Assurance (IA) Implementation”, Enclosure 4, control DCPD-1, states that these terms apply to software where .

OSS is typically developed through a collaborative process. Most OSS projects have a “trusted repository”, that is, some (web) location where people can get the “official” version of the program, as well as related information (documentation, bug report system, mailing lists, etc.). Users can get their software directly from the trusted repository, or get it through distributors who acquire it (and provide additional value such as integration with other components, testing, special configuration, support, and so on).

Only some developers are allowed to modify the trusted repository directly: the trusted developers. At project start, the project creators (who create the initial trusted repository) are the trusted developers, and they determine who else may become a trusted developer of this initial trusted repository. All other developers can make changes to their local copies, and even post their versions to the Internet (a process made especially easy by distributed software configuration management tools), but they must submit their changes to a trusted developer to get their changes into the trusted repository.

Users can send bug reports to the distributor or trusted repository, just as they could for a proprietary program. But what is radically different is that a user can actually make a change to the program itself (either directly, or by hiring someone to do it).
Since users will want to use the improvements made by others, they have a strong financial incentive to submit their improvements to the trusted repository. That way, their improvements will be merged with the improvements of others, enabling them to use all improvements instead of only their own.

This can create an avalanche-like “virtuous cycle”. As the program becomes more capable, more users are attracted to using it. A very small percentage of such users determine that they can make a change valuable to them, and contribute it back (to avoid maintenance costs). As more improvements are made, more people can use the product, creating more potential users as developers, like a snowball that gains mass as it rolls downhill.

This enables cost-sharing between users, as with proprietary development models. In contrast, typical proprietary software costs are per-seat, not per-improvement or service. However, it must be noted that the OSS model is much more reflective of the actual costs borne by development organizations. It costs essentially nothing to send a file or burn a CD-ROM of software; once it exists, all software costs are due to maintenance and support of software. In short, OSS more accurately reflects the economics of software development; some speculate that this is one reason why OSS has become so common so quickly.