Chances are, if you find yourself reading this, you already know some of the ways open-source software (OSS) standards affect software development. Even so, developing software for the federal government presents its own special set of issues that are further complicated by OSS standards.
In this environment, companies must evaluate the government’s ambivalence toward open-source software, as well as navigate the considerable challenges to protecting intellectual property (IP) when federal procurement regulations and OSS licenses apply.
A Love-Hate Relationship with OSS
When it comes to software procurement, the government has adopted a strongly pro-OSS stance. For example, recent policy guidance from the Department of Defense (DoD) chief information officer states that the DoD “must follow an ‘Adopt, Buy, Create’ approach to software, preferentially adopting existing government or OSS solutions before buying proprietary offerings.”
For over a decade now, the DoD and other federal agencies have recognized the critical advantages provided by widespread use of well-vetted OSS. These advantages include rapid adaptability to new applications; robust, effective, and error-free code; and lowered risk of vendor lock-in.
However, these advantages are potentially offset by two substantial risks that concern the DoD: 1) OSS can present an ingress point for malicious code, and 2) if improperly shared, OSS can allow adversaries to gain knowledge of national capabilities, limitations and vulnerabilities whose secrecy is vital to U.S. security interests.
Notwithstanding these potential drawbacks, the benefits of using OSS have led the DoD to deem all software “open by default” (i.e., releasable as OSS), with notable exceptions based on whether the software:
- Was developed for “national security systems,” meaning information systems supporting intelligence activities, cryptologic activities, military command and control or weapons systems