Pentagon: Open source good to go

Military IT folks wondering if their use of Apache, Perl, Linux and other open source software is copacetic with the brass will soon get some answers from the Defense Department's Office of the Chief Information Officer.

The office is preparing a memorandum that further clarifies how open source may be procured and used within the services.

The memo should answer many lingering questions still surrounding the open source, said Daniel Risacher, the data strategy leader for the Office of Secretary of Defense who is drafting the memo. The draft may point out some potential benefits as well.

"Those factors that are in favor of open source have not been appreciated to date," said Risacher, speaking at the Red Hat Government Users and Developers conference, being held today. The DOD CIO office is aiming to release the memo by early November.

From Risacher's description of the draft, the memo may reinforce the acceptability of using open source software within the Defense Department, as well as for other federal agencies. It may even broaden procedures for procuring commercial software.

"Those mandates [in which] we have to consider commercial off-the-shelf software, we have to apply that to open source software as well," Risacher said. "And that is not well appreciated within government."

Risacher said that he first started working on the memo last summer at the behest of the Defense Deputy CIO, David Wennergren. Although widely used in federal government, open source software, due to its unusual form of distribution, has raised questions among regulation-minded program managers.

In 2004, the Office of Management and Budget, issued a memorandum, M-04-16, that called on agencies to exercise the same procurement procedures for open source as they would for commercial software, as per guidelines set in OMB Circulars A-11 and A-130 and the Federal Acquisition Regulation policies. And in 2003, then-defense CIO John Stenbit issued memo reminding services that any open source software they use should be held to the same levels of security and licensing accountability as commercial software.

The new memo aims to address various questions that have arisen since these memos.

One of the primary issues to be addressed is if open source software is a form of commercial off-the-shelf software (COTS). The Defense Department has a number of mandates that compel the services to seek COTS software packages before commissioning custom code. If open source is COTS, then it needs to be included in the procurement process.

It is, Risacher confirmed. Risacher notes that COTS is generally defined as "software that is for sale, lease or licensed to the public, and is available to the government as well." Open source fits under this definition.