DISA finds widespread open-source use in DoD

The military is bypassing commercial proprietary software in favor of open-source software more than it previously assumed, according to a new survey.

A Defense Information Systems Agency report has found that the military is bypassing commercial proprietary software in favor of open-source software more than it previously assumed.

"Use of Free and Open-Source Software (FOSS) in the U.S. Department of Defense," released Oct. 28 by Mitre Corp., Bedford, Mass., identified more than 115 open-source programs being used in 251 tasks. Results were compiled from e-mail surveys.

"The actual levels of DoD use of such ubiquitous applications is likely to be hundreds, thousands, or even tens of thousands of times larger than the number of examples identified in the brief survey," the report said.

Freely available programs such as the Perl programming language, the Linux operating system and Sendmail were particularly prevalent, the report said.

Open source software, often developed by volunteer programmers, allows users to modify the source code to customize applications and to distribute it freely to other parties. Proprietary software packages, in contrast, tend not to include source code and frequently come with usage restrictions.

The report concludes that open source software "plays a more critical role in the [Defense Department] than has generally been recognized," particularly in the areas of infrastructure support, software development, security and research.

The report follows a May Washington Post story that detailed efforts by Microsoft Corp., Redmond, Wash., to encourage Defense Department officials to ban use of open-source software, citing security concerns.

The Mitre report concluded that a hypothetical ban on open-source software "would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security-focused [Defense Department] groups to defend against cyberattacks."

However, it recommended the agency create a "generally recognized as safe" list of proven-safe applications and encourage companies to develop commercial versions of open source software.