Report: DOD must embrace open-source software

The Defense Department increasingly relies on software for everything from weapons systems to accounting, but it is failing to capitalize on the power of open-source software, according to a report from the Center for a New American Security.

In "Open Source Software and the Department of Defense," CNAS argues that a number of cultural factors, biases and regulatory barriers are keeping DOD from embracing open-source options.

"Unfortunately, software development is not currently a high-profile, high-priority topic in the discussion about diminishing U.S. military technical superiority," the report states. "It should be."

Industry relies heavily on open-source software with great success, and DOD's continued reliance on proprietary code is more expensive, slows innovation and puts America's warfighters at greater risk, according to CNAS.

The report states that using more open-source code would spur innovation, simplify accreditation, encourage interagency collaboration, increase competition and drive down costs.

A new federal policy released on Aug. 8 calls for greater use of open-source software across government, but DOD and other national security agencies are exempt from it.

CNAS said many of the arguments made by DOD and national security officials that open source is unsecure and vulnerable have been debunked.

"Increased public scrutiny of code has led to identification and reconciliation of problems that were not discovered through 'closed' quality checks," the report states. "Further, closed-source [versions of] products like Microsoft have been riddled with security flaws and issues, some of which were significant zero-day exploits of widely used, commercially available products."

The authors further wrote that, "in spite of clear evidence to the contrary, many defense professionals continue to believe that the use of open-source software licenses means that adversaries will see and manipulate the code used in DOD systems."

However, "the United States does not derive its military technical superiority from source code, but from the effective integration and adaptation of its doctrine, organization, training, materiel, leadership and education, personnel, and facilities."

In addition, the report argues that DOD can create proprietary code based on open source "and can do so without sharing those changes back to the open-source community."

"Considering the DOD's top-down apathy toward and difficulty with using open-source methods, one glaring question remains: Why is there continued bottom-up support for open-source software and methods within the DOD?" the authors wrote.

The report does credit DOD for using open-source software successfully, though it does so "infrequently and on an ad hoc basis." It cites the Persistent Close Air Support system, which relies on Android devices, and General Atomics drones and ground stations that operate on Linux, "a switch that was made after Windows-based systems proved vulnerable to malware."

CNAS said the primary hurdle to greater implementation of open-source code is culture. "The DOD is a large bureaucracy, [and] open-source methods, though widely used in industry and even in the defense establishment, are not considered standard practice inside the Pentagon, and change is hard."

The report highlights additional barriers, such as management philosophies, a system that favors proprietary vendors and outdated acquisition protocols.

Addressing those challenges is among the recommendations in the report.

Other recommendations include having DOD's senior leaders set the tone by embracing open-source software, adopting the use of such software and platforms as their default position, and integrating open source into future innovation and acquisition reforms.

CNAS also urged DOD to create a taskforce to develop methodologies that would ease the sharing of open-source code.

DOD did not provide a response to the report by the time of publication.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.

