DOD's new rules promote open source

posted on Oct, 30 2009 @ 01:56 PM
Recently issued guidelines by the DOD now allow the military to consider open source software for their use.

DOD's new rules promote open source


Military services procuring software should regard open-source as just another form of commercial software, the guidance states. When evaluating possible software choices, the agency should consider the benefits of open-source, such as how the code is peer-reviewed, the freedom from potential vendor-lock in, potential licensing issues about reusing the software and the potential cost-savings.


In other words, it sounds like the military may now look at OS apps like Open Office, etc. when picking their software.

It could certainly keep cost down. Of course, it does open up other doors. Like what could someone put in the software that makes its way into the military's hands? Likewise, could they put something in it and send it out into the OS world?



[edit on 30-10-2009 by Frogs]



posted on Oct, 30 2009 @ 02:43 PM

Originally posted by Frogs
It could certainly keep cost down. Of course, it does open up other doors. Like what could someone put in the software that makes its way into the military's hands? Likewise, could they put something in it and send it out into the OS world?


As the source is open, it can be compiled from a scrutinized source. A binary distribution is not required. Any insecurity introduced for/from the military is an insecurity for everyone that would be intolerable and I would expect that would serve as a check.

[edit on 10/30/2009 by EnlightenUp]



posted on Oct, 30 2009 @ 03:04 PM
You have to understand that "open source" means that anyone - including the military - can get hold of the source code and examine it for any traps, trojans, bugs, or other problems. If someone "puts something" into the code, anyone else can find it. There are thousands of programmers examining the source code of open source software. Bugs and other problems are usually discovered in a very short time.

With proprietary programs, there is no way to examine the source code. Whatever you get, is what they give you. If there is a problem built in, you won't know about it until it bites you. Even then, you can't do a thing about it. You have to wait until the company gets around to fixing it, which could take weeks or even months. Proprietary software does not make the programs any safer. In fact, it makes it possible for severe problems to remain undetected and unfixed for much longer, causing enormous damage when they finally appear.

There are people out there - malicious "hackers", which I'll call "crackers" - who search for weaknesses in any code. When they discover them, they may use that weakness to do mischief. They might also just publicize the exploit to get credit for being the first to uncover it. Once they go public, that date is called a "Zero day exploit". Now the program is vulnerable, and many people know about it. Until someone creates a patch to correct the problem, anyone using the program is vulnerable.

Proprietary companies are relatively slow to fix mistakes. For example, Microsoft has "patch Tuesdays", on which they issue patches that have been discovered. "Patch Tuesday" happens on the second Tuesday of each month. Theoretically, a serious vulnerability may be left unpatched for almost a whole month. This is not good. Unfortunately, proprietary companies lose money when they have to produce a patch, because the work that is done doesn't bring them in any more money. They've already sold the program. Additional work to fix it requires them to spend money that won't have any return. Most companies will eventually get around to fixing serious problems, but they'll take their time. And sometimes they just deny that it's a "serious" problem and ignore it.

With open source, things are much different. Once a vulnerability is discovered, it is almost always fixed within days, often hours. Patches are released at any time, day or night. If the original programmer can't or won't fix the problem, any other programmer with the required skills can do it. Usually the original programmer will get to work right away, because one of his motivations is credibility and pride to have made a contribution. It's kind of a status thing. You want to preserve your reputation as a competent programmer. But someone else might go ahead and write the patch first. If it works out, it will be incorporated into the program and released right away. These patches are tested by dozens, sometimes hundreds of others, to see whether they fix the problem.

Ultimately, the military's decision to allow open source is a move towards security. They are not just trying to save a few bucks. The cost of software to the military is trivial, compared to the other stuff they buy. Certainly saving a few million dollars won't be a good excuse to endanger security.

The important point for the military is that the open source software is "free as in speech, not free as in beer". You can do whatever you want with it - rewrite it, change it, improve it, destroy it, whatever. You can't do that with proprietary software. Read the Microsoft EULA to get an idea of the unbelievable limitations imposed on users of software.

If some spy ever got into Microsoft, he could make all sorts of changes, put in back doors, viruses, whatever he wanted. If Microsoft didn't catch it - and they often miss severe bugs - then the product ships and the military has programs that the bad guys can take control of. Not a good thing, if this software happens to control missiles or something. If someone used wonky software to tell our computers to nuke Russia, that could have serious diplomatic repercussions - like the Third and Final World War.

Finally, the military has *already* been hit several times by external attacks. If I recall correctly, in Afghanistan, half of a military base there got its computers infected by some virus. In another incident, the control program of a ship was affected by some malware. This is a Bad Thing.

[edit on 10/30/2009 by chiron613]



 