Implementation tipsheet

To lay the groundwork for greater use of open-source software in government, Mitre Corp. officials recommend the following three policy steps:

The list should include applications that are commercially supported and widely used, and have proven track records of security and reliability. When considering products for the list, officials should give priority to heavily used applications and tools that provide high value. Examples include Linux, OpenBSD, NetBSD, FreeBSD, Samba, Apache and Perl.

These include policies that encourage the use of commercial products that work well with open-source programs, such as Microsoft Corp. Windows Services for Unix products, which can use open-source development tools. In addition, policies should be created to deal with products — such as Apache and Linux — that are already in use but may not enjoy official approval status.

Having an array of products lowers the risk of cyberattacks based on exploitation of specific products' features or flaws, and adding open-source products is a low-cost way to diversify the overall product mix.

Featured

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

  • IT Modernization
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA plans 'strategic review' of $16B software program

    New Veterans Affairs chief Denis McDonough announced a "strategic review" of the agency's Electronic Health Record Modernization program of up to 12 weeks.

Stay Connected