Open software needs to be secure

Open-source software should be held to the same levels of security and licensing accountability as commercial software, according to a May 28 memo from John Stenbit, Defense Department chief information officer, to defense agencies.

The agencies should consult their legal counsel when using open software to make sure it meets all lawful licensing requirements, Stenbit said.

The memo on open-source software use in the Defense Department said that modified open-source code is subject to the same license terms and conditions as the regular code. This means that if an agency or integrator rewrites open-source code to add new functionality, the modified code may fall under the same licensing agreement as the original code.

Stenbit's memo also reminded defense offices that all open-source software, such as commercial software, must comply with requirements set by the National Security Telecommunications and Information Systems Security Policy No. 11. This requires that agencies use only technology that has been validated to meet information assurance requirements for secure networks.

A PDF copy of the memo may be found at

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above.

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB