DOD's new rules promote open source

New Defense Department guidance puts open-source software on the same level as commercial software and urges DOD agencies to evaluate it on an equal basis with proprietary offerings. The guidance also encourages services to share copies of open-source software internally wherever possible

"To effectively achieve its missions, the Department of Defense must develop and update its software-based capabilities faster than ever, to anticipate new threats and respond to continuously changing requirements," wrote acting DOD Chief Information Officer David Wennergren, in a cover letter to the guidance, which was issued Oct. 16.  "The use of Open Source Software can provide advantages in this regard."

The new guidance answers a wide variety of questions that have arisen within the military ranks about the use of open-source software, particularly around procurement and sharing. It supersedes earlier guidance, issued in 2003 by then-CIO John Stenbit.

Military services procuring software should regard open-source as just another form of commercial software, the guidance states. When evaluating possible software choices, the agency should consider the benefits of open-source, such as how the code is peer-reviewed, the freedom from potential vendor-lock in, potential licensing issues about reusing the software and the potential cost-savings.

"While these considerations may be relevant, they may not be the overriding aspects to any decision about software," the guidance states. "Ultimately, the software that best meets the needs and mission of the Department should be used, regardless of whether the software is open-source." The memo also warns that services should not use open-source software without some sort of support contract.

The guidance also states that the programming code of open-source software is “data” as defined by DOD Directive 8320.02. Because "open-source licenses authorize widespread dissemination of the licensed software," the military can share open-source programs across the entire department.

The guidance also clarifies that any changes a service makes to an open-source program do not necessarily have to be shared with the public, though changes that do not compromise national security, such as code fixes and enhancements, should be shared wherever possible.

Questions about the memorandum can directed to Daniel Risacher, who handles enterprise services and integration issues for the office.