You have to understand that "open source" means that anyone - including the military - can get hold of the source code and examine it for any traps,
trojans, bugs, or other problems. If someone "puts something" into the code, anyone else can find it. There are thousands of programmers examining
the source code of open source software. Bugs and other problems are usually discovered in a very short time.
With proprietary programs, there is no way to examine the source code. Whatever you get, is what they give you. If there is a problem built in, you
won't know about it until it bites you. Even then, you can't do a thing about it. You have to wait until the company gets around to fixing it,
which could take weeks or even months. Proprietary software does not make the programs any safer. In fact, it makes it possible for severe problems
to remain undetected and unfixed for much longer, causing enormous damage when they finally appear.
There are people out there - malicious "hackers", which I'll call "crackers" - who search for weaknesses in any code. When they discover them,
they may use that weakness to do mischief. They might also just publicize the exploit to get credit for being the first to uncover it. Once they go
public, that date is called a "Zero day exploit". Now the program is vulnerable, and many people know about it. Until someone creates a patch
to correct the problem, anyone using the program is vulnerable.
Proprietary companies are relatively slow to fix mistakes. For example, Microsoft has "patch Tuesdays", on which they issue patches that have been
discovered. "Patch Tuesday" happens on the second Tuesday of each month. Theoretically, a serious vulnerability may be left unpatched for almost a
whole month. This is not good. Unfortunately, proprietary companies lose money when they have to produce a patch, because the work that is done
doesn't bring them in any more money. They've already sold the program. Additional work to fix it requires them to spend money that won't have
any return. Most companies will eventually get around to fixing serious problems, but they'll take their time. And sometimes they just deny that
it's a "serious" problem and ignore it.
With open source, things are much different. Once a vulnerability is discovered, it is almost always fixed within days, often hours. Patches are
released at any time, day or night. If the original programmer can't or won't fix the problem, any other programmer with the required skills can do
it. Usually the original programmer will get to work right away, because one of his motivations is credibility and pride to have made a contribution.
It's kind of a status thing. You want to preserve your reputation as a competent programmer. But someone else might go ahead and write the patch
first. If it works out, it will be incorporated into the program and released right away. These patches are tested by dozens, sometimes hundreds of
others, to see whether they fix the problem.
Ultimately, the military's decision to allow open source is a move towards security. They are not just trying to save a few bucks. The cost of
software to the military is trivial, compared to the other stuff they buy. Certainly saving a few million dollars won't be a good excuse to endanger
security.
The important point for the military is that the open source software is "free as in speech, not free as in beer". You can do whatever you want
with it - rewrite it, change it, improve it, destroy it, whatever. You can't do that with proprietary software. Read the
Microsoft EULA to get an idea of the unbelievable limitations imposed on users of software.
If some spy ever got into Microsoft, he could make all sorts of changes, put in back doors, viruses, whatever he wanted. If Microsoft didn't catch
it - and they often miss severe bugs - then the product ships and the military has programs that the bad guys can take control of. Not a good thing,
if this software happens to control missiles or something. If someone used wonky software to tell our computers to nuke Russia, that could have
serious diplomatic repercussions - like the Third and Final World War.
Finally, the military has *already* been hit several times by external attacks. If I recall correctly, in Afghanistan, half of a military base there
got its computers infected by some virus. In another incident, the control program of a ship was affected by some malware. This is a Bad Thing.
[edit on 10/30/2009 by chiron613]