1 daniel risacher asd(nii)/dod cio, associate director, enterprise services & integration...
TRANSCRIPT
1
Open Source Software
and
Open Architecture
Open Source Software
and
Open ArchitectureDaniel RisacherASD(NII)/DoD CIO,
Associate Director,Enterprise Services & Integration
Dan Risacher• Policy wonk for Office of the DoD CIO• Author of the DoD guidance for Open Source Software
(DoD CIO memo, 16 Oct 2009)• PSA representative for CANES & NCES
• 1996-1998: Chief, Ground Support Software, (E-3 AWACS)552nd Computer Systems Squadron, Tinker AFB, OK
2
Who am I?
Open Architecture and Acquisition Reform
• USD(AT&L), 14 Sep 2010 memo: (page 10)
Thoughts on Open Architecture
• Open Architecture is great, but…– Need to simplify rules around IP– we need rules where the PM, COTR, etc. isn't one
mistake away from lock-in• Lesson learned from OSS
– simplified structure of IP management– even a developer can understand– need to expect industry to manage gov’t rights
effectively • Balance competition and cooperation
Open Gov’t Directive 21 Jan 2009, President Obama signed “Memorandum on
Transparency and Open Government” 8 Dec 2009, OMB issued “Open Gov't Directive” Three principles:
Transparency Participation Collaboration
Open Source Software
Defined: computer software that is available in source code form for which the source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change, and improve the software. [wikipedia]
Formally defined by the Open Source Initiative Closely related; “Free software”
Open Source Def’n 1. Free Redistribution 2. Source Code 3. Derived Works 4. Integrity of The Author's Source Code 5. No Discrimination Against Persons or Groups 6. No Discrimination Against Fields of Endeavor 7. Distribution of License 8. License Must Not Be Specific to a Product 9. License Must Not Restrict Other Software 10. License Must Be Technology-Neutral
OSS Examples
GNU/Linux, Apache, Firefox, OpenOffice.org, MySQL, PostgreSQL, FreeBSD, Darwin (OS X kernel), GCC, Emacs, Eclipse, Java, Mediawiki, PHP, Perl, Python, Ruby, Android, OpenSSH, OpenSSL, OpenSSO, NASA Worldwind, + thousands more
So What?
OSS development model precisely matches the principles of Open Gov't Directive: Transparency Participation Collaboration
Use OSS methods for system development
OSS Dev Model
Developer
TrustedDeveloper
OSS users typically use software without paying licensing fees OSS users typically pay for training & support (competed) OSS users are responsible for developing new improvements &
any evaluations that they need; often cooperate/pay others to do so
Active development community like a consortium
TrustedRepository
Distributor
User
Source Code
Bug Reports
Improvements (as source code) and evaluation results: User as Developer
“Stone soup development”
DevelopmentCommunity
Legal Mandate for OSS
OSS software is COTS Federal law (41 USC 403) clearly defines a commercial item is “(1) Any item, other
than real property, that is of a type customarily used by the general public or by non-governmental entities for purposes [not government-unique], and (i) Has been sold, leased, or licensed to the general public; or (ii) Has been offered for sale, lease, or license to the general public... (3) [Above with] (i) Modifications of a type customarily available in the commercial marketplace; or (ii) Minor modifications… made to meet Federal Government requirements..
In most cases, OSS products also meet the definition of a specific subset of “commercial items”, those defined as “commercial-off-the-shelf items” commonly referred to as “COTS”. Federal law (41 USC 431) defines COTS as being “(A) a commercial item (as described in [41 USC 403])... (B) sold in substantial quantities in the commercial marketplace... and (C) is offered... without modification...
Consideration of suitable COTS required: FAR 2.101, DFARS 212.212
Why else?
Better peer review Source code = Agility
Less vendor lock-in Rapid prototyping
Lower license costs Lower maintenance costs
But pick the best value, regardless!
Gratuitous Advice
To gov’t: Take delivery of your source code. Often.
To industry: Deliver your code Annotated Version-controlled
To both: use OSI-approved licenses whenever appropriate
Example:
Copyright 2010, BigPrime Inc., LittleSub Ltd., FFRDC Corp.The U.S. Government has Unlimited Rights in this computer software pursuant to the clause DFARS 252.227-7014 of contracts no. 1234567890 & 123456791. Any reproduction of this computer software, or portions thereof, marked with this legend must also reproduce these markings.
When/How to contribute OSS?
For DoD, 3 part test: PM decides gov't interest Necessary data rights Not export controlled
“Necessary data rights” is complicated
Thank you for your time and attention
Questions?
15
OSS Users in Government
Military Intelligence Community Federally Funded (USIP, White House, Other) Departments (DOE, DHS, DOD, Treasury) Agencies (NASA, EPA, USDA)
OSS Contributors in Government
Military Intelligence Community Federally Funded (USIP, White House, Other) Departments (DOE, DHS, DOD) Agencies (NOAA, EPA, NASA)
Common & Pervasive
Operating Systems: Linux/GNU, BSD, Darwin, OpenSolaris Security: Snort, OpenSSL, OpenSSH, Kerberos, PGP Web/Application Layer: Apache, Jboss, Plone, Zope, nginx,
Tomcat GCC Firefox Postgresql, MySQL, SQLite, ZODB OpenLDAP, Sendmail, Bind, Samba, Xfree86 Programming Languages: Java/JVM, Ruby, Python, PHP,
Perl, Tcl/Tk
Contributions By Military
Army: BRL-CAD GRASS (Geo Resources Analysis Support)
(Army Corps of Engineers) USAF:
FalconView Marines
OSIMM, OMAR Navy
Delta3D
Contributions By Federally Funded
White House: Drupal (use) Drupal modules (contributed)
U.S. Institute of Peace: Open Simulation Platform
NIST: Expect STEP Class Library
Institute of Museum and Library Services: Evergreen
Contributions By Federally Funded
The Smithsonian Astrophysical Laboratory Inline::SLang
U.S. Postal Service: PTS (Product Tracking System)
Contributions By Intelligence
CIA: Apache Lucene (search)
NSA: SELinux, OpenBSD
Contributions By Departments
Department of Energy: COUGAAR
Department of Labor: EZRO (EZ Reusable Objects)
Veterans Affairs: OpenVista
Contributions By Agencies
NOAA: QGIS (QT Geographic Information System)
EPA: OpenNode
DISA: Forge.mil OSCMIS (Open Source Corporate Management System)
USDA: WikiWatershed: http://www.cnpp.usda.gov/Innovations/innovations-release-12-09-09.pdf
Contributions By Agencies
NASA: World Wind Growler Surfer Mesh ECHO NodeMon Pour Swim Many, many more:
http://ti.arc.nasa.gov/opensource/projects