digg

Facebook Connect Join Digg About

See the original image at linuxinsider.com

Convincing the Military to Embrace Open Source

linuxinsider.com — Misconceptions about open source software have made many U.S. Defense Department sectors reluctant to employ this technology. Although a 2003 department policy allows its use.

Who dugg this? Made popular Dec 30, 2007

submitted by

inactive Dec 29, 2007

502 diggs
digg

89 Comments

StanStutter, on 12/30/2007, -1/+16http://stuttering.stan.googlepages.com/clippy.jpg
e2superman, on 12/30/2007, -5/+19Here is the issue at least on classified machines: All software must be coded by US Citizens and/or certified by the US DOD or Local Security per DOD procedures. With open source code then there is no way the military can honestly review the entire source code and there would be the chance of security holes (maybe on purpose) that could be exploited both domesticly and/or by foreign nationals. Software can not be patched on classified (and most unclassified) systems quickly due to legacy support issues (lots of code for the DOD is run on windows 98 since the code wont work on anything newer and would cost too much to upgrade). Without patches and with the source code "unclassified" or at least known by theird parties, exploits and hacks would be a very serious concern.

This is why OSS is not feasible for Defense (industry) and most government sensitive systems.
notjustmii, on 12/30/2007, -1/+13Some open source is good, and it is definitely getting better over time but there have been some real crappy open source alternatives in the past.
ridingfool, on 12/30/2007, -2/+14I find that the military and government in general are always the last to embrace new technology. We all know that cost is not a factor even though they always complain it is.
TehDoctor, on 12/30/2007, -1/+12Opera isn't open source.
dgh1973, on 12/30/2007, -0/+11As an ex-defense contractor I can attest to the fact that the adoption is happening, but slowly. It's in their STIGs and fully blessed but the main problems surrounding it aren't security or whether or not it's good quality 'ware, it's the same problem that exists for commercial companies... support contracts.

The government (just like big business where lots of money is riding on it) needs people to blame when the ***** breaks because most of their techs are too stupid to maintain it by themselves (the ones that have the brains are actually contractors, and they have the job security of a chicken wing in Ethiopia).
SavageBlackCat, on 12/30/2007, -1/+10The military uses a mix of technologies depending on the intended application. Buried as linux fanboy BS because the author wants 100% *nix use.
cboj, on 12/30/2007, -1/+10I run a Help Desk at a large AF installation. Even when I mention something like using FireFox the looks I get are amazing. Much of it is fear of the unknown. Too many of the PC support people only know one thing and don't want to risk having to learn more. Worse, even if we wanted to use some other software, no one is quite sure of the approval process, or at least willing to try to get it approved.

So we are stuck with XP and IE. We are just now installing IE7 and twice this year they have told us Quicktime is unauthorized.
CondoleezzaRice, on 12/30/2007, -0/+8They already do use open source.
ISVDamocles, on 12/30/2007, -0/+7No. "SUN" stands for "Stanford University Network." Sun Microsystems was born from a University IT Department...
Phocion55, on 12/30/2007, -0/+6I'm confused on so many levels right now
marx2k, on 12/30/2007, -1/+7I don't think the Pentagon is weighing The Gimp vs Photoshop
sweeneyowns, on 12/30/2007, -0/+5good luck on the military doing anything that would be smart. they just loaded vista on all of our ***** machines and it runs like a dried up turd.
solid12345, on 12/30/2007, -0/+5Military and government are last to embrace new technology? You mean like the A-Bomb or the Jet Engine?
cquinnd, on 12/30/2007, -1/+5Improperly vetted code is obscure regardless of the source.
prammy, on 12/30/2007, -1/+5@e2superman:
As to point 1, security by obscurity is not a strong enough reason. If it were true, then Windows would be the least affected by security issues.
As to point 2, you call the vendor for support. The DOD does not and should never download and install applications directly from sourceforge.net or the developer's site. The DOD only gets software from certain vendors and the vendor is then responsible for support.
The DOD does use Open Source Software but these are packages provided by a DOD vendor. The vendor shares part of the responsibility to ensure that any exploits are fixed and patches provided in a timely manner. I am sure the DOD gets service contracts from these companies.
skunksmellnice, on 12/30/2007, -0/+4I could see their reluctance, but as long as they review the software & plug-in's, they should be fine. We're going to see a huge influx of open source over the next couple of years. I'm trying to move completely to OS and then switch my operating system to ubuntu.
branjb, on 12/30/2007, -4/+8I don't understand why e2superman is being dugg down either. He speaks the truth. I was surprised it wasn't said earlier, using code that the entire world has access to on your defense mainframe is generally not a good idea. Re: Cylons and Battlestar Galactica.
SavageBlackCat, on 12/30/2007, -1/+5Oh how wrong you are.
prammy, on 12/30/2007, -1/+5Security by obscurity does not work effectively.
e2superman, on 12/30/2007, -3/+6Two things:

One: The point of closed access code is to prevent exploits from being known. Exploits (if they happen) are very serious every time. Open source code can be seen by many many people and since exploits are widely known before they can be patched it would cost a fortune every time joe smith finds one and publicizes it.

Two: Who does the government call then for support? Who has the accountability? Lets say the explot causes nuclear secrets to be stolen because of an obvious hole in the security of the code. etc... Remember too that code for the military is written to a completely different standard than comercial code. If you have never seen how the defense industry codes please do not guess.
inactive, on 12/30/2007, -1/+4I guarantee you they already embrace open source, they just might not know it yet. I am 100% sure that some of their programmers use code from other open source software that can be used on their projects. Now the government making their final product's source code available, that isn't going to happen any time soon.
DarkJesus, on 12/30/2007, -0/+3And we want America's army (the game) back too!
qwuinc, on 12/30/2007, -0/+3Oh, and I thought security experts are just about getting to agree that security through obscurity is not called security...? :P
gbudavid, on 12/30/2007, -0/+3Yeah but it is free My Bad tho
BlaenkDenum, on 12/30/2007, -1/+4Revision 911: There was a glitch in the WMD module which caused nuclear missiles to be randomly launched. Attached is a patch which should fix it.
bubbaislazy, on 12/30/2007, -0/+2Depends on the unit. The unit I was in during 2001-2003 was part of the Army's Intelligence and Security command (INSCOM). Desktops were upgraded to Windows XP in early 2003. Servers were a combination of Windows, Linux, and Solaris. There were even some Sun desktop hardware for some applications.
drmangrum, on 12/30/2007, -0/+2Your assuming the article is correct. Those of us in the know fully understand why OSS can't be used at all times. Security and legacy system support concerns have already been brought up, but there are other issues as well.
-Everyone has to be trained to utilize the new system. To us, this isn't that big a deal. Most of us on Digg are extremely computer savvy. The average user is not. When an icon is out of place or menu item is named differently, basic users are completely lost.
-There are legal concerns as well. There are many cases of where the government has entered into long term contracts to run a certain program. If it's already been paid for ( or still being paid for), why change?
-On a classified system, if any configuration item has been changed, the entire system segment has to be re-validated by the security office. This is a time consuming process that would burden an already over burdened office ( there are typically only a handful of people handling security in an organization).
-The government and military DO use open source software where they can, but the technology suppliers make it even harder to full integrate OSS. Many organizations don't purchase new computers, they lease them. The software is already loaded.
SavageBlackCat, on 12/30/2007, -1/+3Not true - SELinux has been used for years on JWICS and SIPRNET.
Misesean, on 01/01/2008, -0/+2As CarzorStelatis says above: better if they stick to Windows that only works half the time :)
falafelkiosken, on 12/30/2007, -0/+2since when is Linux closed source?
and since when is open source insecure? (some of the least secure software are closed source
tvanwyk, on 01/01/2008, -0/+2Ahh! Bogeyman! Save me!

There's no proof that open source software is any less secure than closed source software. The debate's been going on for a long time and the people who claim open source software is insecure certainly have failed (and continue to fail) meeting the burden of proof.
cquinnd, on 12/30/2007, -0/+2It's not retarded logic at all. While many open source projects are small enough that a code review is possible, there is far less likelyhood that the same can (or will) be said when the project grows to the scope of a system that has to be supported over hundreds of installations and thousands of individual components, dealing with varying degrees of classified information.
The usual solution to this dilemma is open software that is completely written in house, or by specially vetted sub-contractors, both cases increasing the cost of the project into the range of proprietary software.
tvanwyk, on 01/01/2008, -0/+2Uhh... this is just inviting a question. Am I the only one who doesn't give a flying ***** what software model was used to develop the software the military deploys in the process of ***** people over in wars of "liberation?"
e2superman, on 12/30/2007, -1/+3and it was likely approved by DOD and/or DSS (if ona classified system). We use RedHat on classified systems but ussually "older" revisions that were approved after being reviewed and approved. Blindly using code (especially OSS) is a major concern. I DO work in defense and we are strictly prohibited to put OSS on a classified systems and in general software needs to be on an "ok" list. The do not want code on there for example that happened to be written by a foreign country and can possibly have hidden issues...
e2superman, on 12/30/2007, -3/+5if you vote me down at least give me a reason why you think I am wrong.
e2superman, on 12/30/2007, -0/+2What about support and documentation. Both tend to be very lacking for OSS.
cabazorro, on 12/30/2007, -0/+2This is the scenario to present to those that advocate closed source in their projects. Pick a vendor, any vendor of closed source solutions. 2 Years down the road, the vendor sells their technology to another party that stops supporting the product you purchase and offers you to sell you the "upgrade" which you clearly don't need but becomes the only choice. Is called vendor lock-in. Ask the FAA, Raytheon, Boeing, Lockheed about vendor lock-in. It's the budget bottomless pit. Its the path to overrun budgets and dead end projects.
Ademan, on 12/30/2007, -0/+2Yeah... war is the mother of invention (necessity too, somehow invention has a couple mommies)
schestowitz, on 12/30/2007, -4/+6According to this, 65% of their applications run on GNU/Linux. Splendid!
init100, on 01/02/2008, -0/+1"Look into it."

Except I have no US security clearance, and probably never will as I'm a foreign citizen and thus a potential enemy (I'm in a country that the US considers friendly today, but allegiances change).
init100, on 01/02/2008, -0/+1"Pure Open Source is actually in most cases strictoly prohibited by Security from being placed on the hardware."

As you wrote yourself, this has nothing to do with the software being open source or not. I'd hardly think that you are allowed to load and run unreviewed proprietary software either. The relevant parameter is thus if the software has been reviewed or not, not whether it is open source or not.
rouslan, on 12/30/2007, -0/+1I still don't get why the US government isn't using open-source....does it have anything to do with supporting Microsoft?
gbudavid, on 12/30/2007, -1/+2The Germans Developed the jet engine
init100, on 01/02/2008, -0/+1Actually, most free software coders do not care what the software is used for, as longf as it is free. That is why FOSS can be used both by the torture-using US military, capitalistic corporations, communistic nations and child-killing terrorists simultaneously. Nobody is prevented from using the software, regardless how much the devs hate their views.
SavageBlackCat, on 12/30/2007, -1/+2The DoD and/or the DSS doesnt hold the final say - the DISA does.
init100, on 01/02/2008, -0/+1Actually the Germans and the Brits invented the jet engine almost simultaneously.
init100, on 01/02/2008, -0/+1"Military cannot us open source software for one reason, security."

The stupidity of that comment is astounding.
dexedrine, on 12/30/2007, -0/+1-On a classified system, if any configuration item has been changed, the entire system segment has to be re-validated by the security office. This is a time consuming process that would burden an already over burdened office ( there are typically only a handful of people handling security in an organization).

There's no Chloe O'Brien around who could type in three strokes and say, "Jack, we have an intruder at entry point B. He used a stolen Key Card that was recently reprogrammed with new authorizations. I'm pulling up the internal security feed to your PDA." All of this in a matter of moments mind you. ...I love TV.
init100, on 01/02/2008, -0/+1A pretty good description of why no other military than the US military should rely on Windows. Who know what the US military collaborated with Microsoft to put into it?
Show 51 - 88 of 88 discussions
Add a Comment

Login or register to comment!
Or, sign-in super fast with your Facebook account ...

Site Links: Home; Take a Tour; Search Digg; Digg Mobile; RSS Feeds; Popular Archive

Help: Frequent Questions; How Digg Works; Report a Website Bug

All About Digg: About Us; Contact Us; Community Guidelines; The Digg Blog; Digg Townhalls & Meetups; Jobs at Digg; Advertise on Digg; Diggnation Podcast

Digg Store: Get hats, shirts, hoodies, stickers, and more at the Digg Store.

Digg Tools & API: All Digg Tools; DiggBar Tools; Firefox Toolbar; Twitter Feeds; Add Digg to Google; Netvibes Widget; Integrate Digg Buttons; Digg Badges; Make a Digg Widget; API for Developers

Digg Dialogg!: Digg Dialogg lets you choose the questions.

Digg Labs: Get a real-time view beneath the surface of Digg.; Digg Labs Home; Arc, Swarm, Stack, Bigspy, Pics

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.