[ISN] Defense Department Issues Open Source Policy

From: InfoSec News (isnat_private)
Date: Wed Jun 04 2003 - 00:36:10 PDT


    http://www.internetnews.com/dev-news/article.php/2216311
    
    By Thor Olavsrud 
    June 3, 2003 
    
    The U.S. Department of Defense (DoD) last week distributed a memo
    putting open source software on a level playing field with proprietary
    software when it comes to use within the department, though the memo
    also warned that those using open source software (OSS) must comply
    with "lawful licensing requirements" and be aware of what those
    licenses entail.
    
    The DoD is a user of both open source and proprietary software,
    ranging from Linux and BSD on the open end, to Unices and Windows on
    the proprietary end. The memo eases fears that the military might ban
    use of the GNU General Public License (GPL).
    
    Providing a description of open source licenses and licensing
    requirements, including a specific focus on the GPL, the memo, written
    by John Stenbit, chief information officer and assistant secretary for
    Command, Control, Communications and Intelligence Defense Department,
    noted, "The Linux operating system is an example of an operating
    system used in DoD that is licensed under the GPL."
    
    Stenbit also used the memo to remind recipients that any "DoD
    Components" who acquire, use or develop OSS must make sure that the
    software complies with the same DoD policies governing Commercial Off
    the Shelf (COTS) and Government Off the Shelf (GOTS) software.
    
    "This includes, but is not limited to, the requirements that all
    information assurance (IA) or IA-enabled IT hardware, firmware and
    software components or products incorporated into DoD information
    systems, whether acquired or originated within DoD: 1. Comply with the
    evaluation and validation requirements of National Security
    Telecommunications and Information Systems Security Policy Number 11,
    and; 2. be configured in accordance with DoD-approved security
    configuration guidelines available at http://iase.disa.mil/ and
    http://www.nsa.gov/."
    
    Stenbit also urged anyone considering OSS within DoD to understand the
    ramifications of its use. "DoD Components acquiring, using or
    developing OSS must comply with all lawful licensing requirements," he
    said. "As licensing provisions may be complex, the DoD Components are
    strongly encouraged to consult their legal counsel to ensure that the
    legal implications of the particular license are fully understood."
    
    Open source licenses often require modifiers and distributors of the
    code to make their source code available, publish a copyright notice,
    place a disclaimer of warranty on distributed copies and give
    recipients of the program a copy of the license. The GPL, which
    governs the Linux open source operating platform, is a particularly
    strict open source license that requires anyone who distributes code
    they have modified to make the source code available when distributing
    the original binary code or derivatives.
    
    
    
    


