Department of Defense Relies On Linux

By Michael S. Mimoso

Enterprises looking toward the federal government for technological
inspiration got a healthy dose of it recently when the Department of
Defense authorized the use of open-source software within its ranks.

DoD chief information officer John Stenbit penned a memo May 28 that
authorized the use of open-source software as long as it adheres to the
same DoD policies that govern proprietary and government-developed
software. Namely, open-source software must comply with National Security
Telecommunications and Information Systems Security Policy No. 11, which
governs software acquisitions, and it must be configured in accordance with
DoD-approved security configuration guidelines.

"This is very significant, because this is the first official federal
government statement putting open-source software on a level playing field
with proprietary," said Tony Stanco, founding director of the Center of
Open Source Government and associate director of the Cyber Security Policy
and Research Institute at George Washington University in Washington, D.C.

"This legitimizes [open-source software]. Before, it was kind of like
'don't ask, don't tell.' People weren't asking about it and weren't using
it because no one wanted to risk their careers on it," Stanco said. "We
expect some of the conservative elements to become more aggressive about
open-source."

Stanco pointed to a study by the Mitre Corp., a not-for-profit IT service
organization that manages a DoD research and development center, on the use
of free and open-source software in the DoD and what would happen if
open-source was banned in the department.

The report, released in January, points out that the use of open-source
software is pretty prevalent in the DoD, in particular in infrastructure
support, software development, security and research. The report said the
DoD was especially dependent on open-source software for security, in
particular because of its open nature and the ability of developers to
rapidly fix vulnerabilities and respond to attacks. Banning open-source
software would adversely impact network security and other areas, the
report said.

"The DoD usually leads the way with technology. It's pretty cutting edge,"
Stanco said. "Here's a credible voice on the IT side saying open-source is
nothing to be afraid of."

Stanco expects that this action by the DoD could spur state governments to
consider more open-source products.

"The states are in bad shape and need to reduce budgets," he said. "They
need to make cuts. That's why states like Oregon and Texas are considering
moving away from proprietary to open-source. Rhode Island and Hawaii are
also looking into it."

Cost, however, is not an issue for the federal government, which has money
to spend as it tries to get the Department of Homeland Security
operational.

"It's about the flexibility and security with regard to fixes and
customization," Stanco said. "If you're building a new weapon system, the
ability to play with Linux is especially good."