Defense Contractor Says Open Source Is Widely Used, Beneficial To DoD

By Mitch Wagner

Open-source software is in widespread use in the U.S. Department of Defense, and is important to defending against cyber attacks, says a report by defense contractor Mitre Corp.

The report comes about a week after three members of the House of Representatives attacked open source.

Reps. Adam Smith (D-Wash.), Ron Kind (D-Wisc.), and Jim Davis (D-Fla.) sent a letter to 74 Democrats in Congress attacking Linux's GNU General Public License (GPL) as a threat to American "innovation and security."

But Mitre takes a different view. Compared with proprietary software, the report says, free and open-source software provides additional flexibility, autonomy, and the ability to respond faster to attacks.

The report notes that the word "free" refers to the ability of users to modify and redistribute the source code. "The hypothetical question was posed of what would happen if FOSS [Free and Open Source Software] were banned in the DoD," the report says. "The main conclusion of the analysis was that FOSS software plays a more critical role in the DoD than has generally been recognized."

Free and open-source software is common in infrastructure support, including sendmail, a utility that's extremely popular in all computing; software development, including the GCC compiler, a popular compiler for the C programming language; security; and research.

Without open source, the report says, the Defense Department would lose access to powerful security analysis and detection applications, which would "have immediate, broad, and strongly negative impacts on the ability of many sensitive and security-focused DoD groups to defend against cyber attacks."

The department also relies heavily on Perl, an open-source scripting language that is highly popular in all Internet applications, and on Ada.

The report says the Defense Department needs to increase the use of open-source software to counter the perception that it can't legally be used in conjunction with proprietary software.

Mitre recommends that the Defense Department pull together a list of open-source applications that are commercially supported, widely used, and have proven track records of security and reliability -- including the 155 apps already in use at the department.

"In formulating the list, quick consideration should be given in particular to high-value, heavily used infrastructure and development tools," including Linux, various varieties of the BSD operating systems, Samba, Apache, Perl, GCC, bind, and sendmail, the report says.

The defense department should develop policies for using open-source software and other compatible commercial products, the report says. The study noted that Microsoft's Windows Service for Unix product -- a migration tool for moving from Unix to Windows -- contains several open-source tools.

World governments are increasingly pursuing open-source strategies, but proprietary software vendors are fighting back. Microsoft has been marketing aggressively against open source, with top executives calling it a "cancer" on innovation. "If a country is trying to bootstrap an IT industry, this would give them an opportunity to build on the shoulders of what other people have done, rather than having to develop it all themselves," said IDC analyst Dan Kusnetzky.