Open software needs to be secure

Open-source software should be held to the same levels of security and licensing accountability as commercial software, according to a May 28 memo from John Stenbit, Defense Department chief information officer, to defense agencies.

The agencies should consult their legal counsel when using open software to make sure it meets all lawful licensing requirements, Stenbit said.

The memo on open-source software use in the Defense Department said that modified open-source code is subject to the same license terms and conditions as the regular code. This means that if an agency or integrator rewrites open-source code to add new functionality, the modified code may fall under the same licensing agreement as the original code.

Stenbit's memo also reminded defense offices that all open-source software, like commercial software, must comply with requirements set by the National Security Telecommunications and Information Systems Security Policy No. 11. This policy requires that agencies use only technology that has been validated to meet information assurance requirements for secure networks.

A PDF copy of the memo may be found at http://www.egovos.org/pdf/OSSinDoD.pdf.
