Finally! SecDef signs Clarifying Guidance Regarding Open Source Software

It is official! As of the 16th of October 2009, the United States Department of Defense recognizes Open Source software as Commodity, Off the Shelf (COTS) software, eligible for purchase, read implementation, under the purchasing rules of the Department.

Why is this a big deal? Because, until this point, using Open Source software in any form within the DOD and associated programs required a great deal of scrutiny and in many cases, it meant that it could not be used. Now, before you jump up and tell me about this or that program, yes, Open Source software is used in a number of areas – many in custom applications, but the use is program by program, at the discretion of the program office. Just because on program office says yes to Open Office, does not mean that another program office can use Open Office automatically, even if the mission statement is essentially the same. I am greatly simplifying the issue – the intricacies of the Federal Acquisition Register are frankly byzantine even for those that understand it. This now allows program and departmental level organizations to be able to compete, in a true, fair and open competition the best solution for the mission, and that is a big deal, because up until now, that has not been the case.

As a side note, this memo was discussed in a meeting of Open Source folks I attended in DC more than two years ago. Then it was stuck in the Secretary of the Navy’s office, having been drafted by the staff of the Office of the Naval CIO. The big question everyone was asking at the time was not when would SecNav sign it, but when would SecDef sign it.

This has been a long time coming.


David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.


Don Calabro's picture

BTW, COTS stands for Commercial of the Shelf, not Commodity, of the Shelf.

David, your a little off base on this one.

Don Calabro's picture

Being a computer scientist for the Army, I've been embroiled in this issue for about 4 years now. The fact of the matter is that open source software is authorized for use, and has been for quite some time in the DoD. As far back as I can remember. The DOD CIO is stating that there are many people and organizations within the DoD that are misinterpreting the regulations and guidance concerning open source software. The CIO is trying to clarify DoD guidance in OSS use. Most of the misinterpretation has been negative. What the CIO is saying is that there is no regulation that says you can't use OSS, and if you do use OSS it is subject to the same controls that COTS is. The CIO is not changing any policies, she's trying to change people's perceptions. In a nutshell the CIO is saying that if OSS can support your program as well or better than proprietary software, and its as cost effective or more cost effective then you should consider OSS. Please read the memo and the very extensive and enlightening FAQ on the DOD CIO's FOSS site at the below URL.

Thank you,

One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix