Stenbit tells open-source users: Check that legality

Open-source software should be held to the same levels of security and licensing accountability as commercial software, John Stenbit, Defense Department chief information officer, said in a May 28 memorandum.

"DoD components acquiring, using or developing [open-source software] must comply with all lawful licensing requirements," wrote Stenbit, who is also assistant secretary for command, control, communications and intelligence for the Defense Department. "As licensing provisions may be complex, the DoD components are strongly encouraged to consult their legal counsel to ensure that the legal implications of the particular license are fully understood."

The memo on open-source software use in the Defense Department noted that modified open-source code is "subject to the same license terms and conditions as the regular code." This means that if an agency or integrator rewrites open-source code to add new functionality, the modified code may fall under the same licensing agreement as the original code.

Stenbit singled out the GNU Public License, the license that Linux falls under, as an example of this licensing.

In March, Unix vendor SCO Group of Lindon, Utah, sued IBM Corp., Armonk, N.Y., for $1 billion over misuse of the intellectual property rights to the Unix operating system. The company claimed that some of the Unix proprietary code under SCO's purview that it licensed to IBM was inappropriately added to Linux. In May, SCO warned enterprise users of Linux that they might be held liable for unauthorized use of its property.

Bradley Westpfahl, director of IBM's government industry programs group, could not comment on the suit or on its possible effect on the government customers who use Linux-based IBM solutions.

Stenbit's memo also reminded defense offices that all open-source software, such as commercial software, must comply with requirements set by the National Security Telecommunications and Information Systems Security Policy No. 11. This requires that agencies use only technology that has been validated to meet information assurance requirements for secure networks.

A (PDF) copy of the memo may be found at the Web site for George Washington University's Center of Open Source and Government.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.