Again, if this is the case, then the contractor cannot release the software as OSS without permission, because the contractor doesnt own the copyright. In some cases, it may be wise to release software under multiple licenses (e.g., LGPL version 2.1 and version 3, GPL version 2 and 3), so that users can then pick which license they will use. If you have concerns about using in-house staff, augmented by the OSS community for those components, then select and pay a commercial organization to provide the necessary support. Indeed, according to Walli, Standards exist to encourage & enable multiple implementations. Her work has appeared in Air Force Magazine, Inside Defense, Inside Health Policy, the Frederick News-Post (Md. Fundamentally, a standard is a specification, so an open standard is a specification that is open. (Supports Block Load, Room-by-Room Load, Zone-by-Zone and Adequate Exposure Diversity or AED Calculations) Wrightsoft Right-J8. Establish vetting process(es) before government will use updated versions (testing, etc.). This formal training is supplemented by extensive on-the-job training and accumulated hands on experience gained throughout the Service member's career. In particular, will it be directly linked with proprietary or classified code? On approval, such containers are granted a "Certificate to Field" designation by the Air Force Chief Software Officer. U.S. courts have determined that the GPL does not violate anti-trust laws. Factors that greatly reduce this risk include: Typically not, though the risk varies depending on their contract and specific circumstance. Since OSS provides source code, there is no problem. This might occur, for example, if the government originally only had Government Purpose Rights (GPR), but later the government received unlimited rights and released the software as OSS. Include upgrade/maintenance costs, including indirect costs (such as hardware replacement if necessary to run updated software), in the TCO. Military orders. This can create an avalanche-like virtuous cycle. DoDIN APL is managed by the APCO | disa.meade.ie.list.approved-products-certification-office@mail.mil. Adtek Acculoads. 10 USC 2377 requires that the head of an agency shall ensure that procurement officials in that agency, to the maximum extent practicable: Similarly, it requires preliminary market research to determine whether there are commercial services or commercial products or, to the extent that commercial products suitable to meet the agencys needs are not available, nondevelopmental items other than commercial items available that (A) meet the agencys requirements; (B) could be modified to meet the agencys requirements; or (C) could meet the agencys requirements if those requirements were modified to a reasonable extent. This market research should occur before developing new specifications for a procurement by that agency; and before soliciting bids or proposals for a contract in excess of the simplified acquisition threshold.. This is in part because such a ban would prevent DoD groups from using the same analysis and network intrusion applications that hostile groups could use to stage cyberattacks. If there is an existing contract, you must check the contract to determine the specific situation; the text above merely describes common cases. After all, most proprietary software licenses explicitly forbid modifying (or even reverse-engineering) the program, so the GPL actually provides additional rights not present in most proprietary software. Q: What is the legal basis of OSS licenses? Around the Air Force: Accelerating the Legacy, Expanding Cyber Resiliency, Poppy Seed Warning. Open systems and open standards counter dependency on a single supplier, though only if there is a competing marketplace of replaceable components. This does not mean that the DoD will reject using proprietary COTS products. Examples of the former include Red Hat, Canonical, HP Enterprise, Oracle, IBM, SourceLabs, OpenLogic, and Carahsoft. That said, this does not mean that all OSS is superior to all proprietary software in all cases by all measures. Others can obtain permission to use a copyrighted work by obtaining a license from the copyright holder. There are valid business reasons, unrelated to security, that may lead a commercial company selling proprietary software to choose to hide source code (e.g., to reduce the risk of copyright infringement or the revelation of trade secrets). Distribution Mixing GPL and other software can be stored and transmitted together. Each hosting service tends to be focused on particular kinds of projects, so prefer a hosting service that well-matches the project. It may be found at, US Army Regulation 25-2, paragraph 4-6.h, provides guidance on software security controls that specifically addresses open source software. This risk is mitigated by reviewing software (in particular, for classification and export control issues) before public release. The release of the software may be restricted by the International Traffic in Arms Regulation (ITAR) or Export Administration Regulation (EAR). Do you have permission to release to the public (classification, distribution statements, export controls)? Air Force - (618)-229-6976, DSN 779. It is only when the OSS is modified that additional OSS terms come into play, depending on the OSS license. The 2003 MITRE study, Use of Free and Open Source Software (FOSS) in the U.S. Department of Defense, identified some of many OSS programs that the DoD is already using, and concluded that OSS plays a more critical role in the [Department of Defense (DoD)] than has generally been recognized. Even if OSS has no cost to download, there is still a cost for OSS due to installation, support, and so on (whether done in-house or through external organizations). As noted above, in software, Open Source refers to software for which the human-readable source code is available for use, study, re-use, modification, enhancement, and re-distribution by the users of such software. Q: Does releasing software under an OSS license count as commercialization? It's like it dropped off the face of the earth. OSS and Security/Software Assurance/System Assurance/Supply Chain Risk Management. Once an invention is released to the public, the inventor has only one year to file for a patent, so any new ideas in some software must have a patent filed within one year by that inventor, or (in theory) they cannot be patented. Adobe Acrobat Reader software is copyrighted software which gives users instant access to documents in their original form, independent of computer platform. DFARS 252.227-7014(a)(15) defines unlimited rights as rights to use, modify, reproduce, release, perform, display, or disclose computer software or computer software documentation in whole or in part, in any manner and for any purpose whatsoever, and to have or authorize others to do so. 75th Anniversary Article. In most cases, contributors to OSS projects intend for their contributions to be gratuitous, and provide them for all (not just for the Federal government), clearly distinguishing such OSS contributions from the voluntary services that the ADA was designed to prevent. Each government program must determine its needs, and then evaluate its options for meeting those needs. Currently there are no IO Certificates available for this Tracking Number. While this argument may be valid, we know of no court decision or legal opinion confirming this. . Are there guidance documents on OGOTS/GOSS? Read More 616th OC Airmen empower each other. However, such malicious code cannot be directly inserted by just anyone into a well-established OSS project. It is available at, The Office of Management and Budget issued a memorandum providing guidance on software acquisition which specifically addressed open source software on 1 Jul 2004. This is in addition to the advantages from OSS because it can be reviewed, modified, and redistributed with few restrictions (inherent in the definition of OSS). The services focus on bringing automated software tools, services and standards to DOD programs so that warfighters can create, deploy, and operate software applications in a secure, flexible, and . This has a reduced likelihood if the program is niche or rarely-used, has few developers, uses a rare computer language, or is not really OSS. is a survey paper that provides quantitative data that, in many cases, using open source software / free software (abbreviated as OSS/FS, FLOSS, or FOSS) is a reasonable or even superior approach to using their proprietary competition according to various measures.. (its) goal is to show that you should consider using OSS/FS when acquiring software. Any inconsistencies in this solicitation or contract shall be resolved by giving precedence in the following order: (1) the schedule of supplies/services; (2) the Assignments, Disputes, Payments, Invoice, Other Compliances, and Compliance with Laws Unique to Government Contracts paragraphs of this clause; (3) the clause at 52.212-5; (4) addenda to this solicitation or contract, including any license agreements for computer software; . 2019 Approved Software Developers and Transmitters (PDF 51.18 KB) Updated April 15, 2020. Headquartered in Geneva, Switzerland, it has six regional offices and 150 field offices worldwide.. Browse 817 acronyms and abbreviations related to the Air Force terminology and jargon. Gartner Groups Mark Driver stated in November 2010 that, Open source is ubiquitous, its unavoidable having a policy against open source is impractical and places you at a competitive disadvantage.. 1342, Limitation on voluntary services, US Government Accountability Office (GAO) Office of the General Counsels Principles of Federal Appropriations Law (aka the Red Book), the 1982 decision B-204326 by the U.S. Comptroller General, How to Evaluate Open Source Software / Free Software (OSS/FS) Programs, Capgeminis Open Source Maturity Model (OSMM), Top Tips For Selecting Open Source Software, Open Source memo doesnt mandate a support vendor (by David Perera, FierceGovernmentIT, May 23, 2012), Code Analysis of the Linux Wireless Teams ath5k Driver, DFARS subpart 227.70infringement claims, licenses, and assignments, Prior Art and Its Uses: A Primer, by Theodore C. McCullough, this NASA Jet Propulsion Laboratory (JPL) project became a top level open source Apache Software Foundation project in 2011, Geographic Resources Analysis Support System (GRASS), Publicly Releasing Open Source Software Developed for the U.S. Government, CENDIs Frequently Asked Questions About Copyright, GPL FAQ, Question Can the US Government release a program under the GNU GPL?, Free Software Foundation License List, Public Domain, GPL FAQ, Question Can the US Government release improvements to a GPL-covered program?, Publicly Releasing Open Source Software Developed for the U.S. Government by Dr.David A. Wheeler, DoD Software Tech News, February 2011, U.S. Code Title 41, Chapter 7, Section 103, follow standard source installation release practices, Open Source Software license by the Open Source Initiative (OSI), Free Software license by the Free Software Foundation (FSF), Many view OSS license proliferation as a problem, Serdar Yegulalps 2008 Open Source Licensing Implosion (InformationWeek), Open Source Initiative (OSI) maintains a list of Licenses that are popular and widely used or with strong communities, licenses accepted by the Google code hosting service, Producing Open Source Software: How to Run a Successful Free Software Project by Karl Fogel, Open Technology Development (OTD): Lessons Learned & Best Practices for Military Software, Recognizing and Avoiding Common Open Source Community Pitfalls, Releasing Free/Libre/Open Source Software (FLOSS) for Source Installation, GNU Coding Standards, especially on the release process, Wikipedias Comparison of OSS hosting facilities page, U.S. Patent and Trademark Office (PTO) page Trademark basics, U.S. Patent and Trademark Office (PTO) page Should I register my mark?, Open Technology Development Lessons Learned, Office of the Director of National Intelligence (ODNI) Government Open-Source Software (GOSS) Handbook for Govies, Military - Open Source Software (MIL-OSS) DoD/IC discussion list, Hosted by Defense Media Activity - WEB.mil, Open source software licenses are reviewed and approved as conforming to the, In practice, an open source software license must also meet the, Fedora reviews licenses and publishes a list of, The Department of Navy CIO issued a memorandum with guidance on open source software on 5 Jun 2007. Q: When a DoD contractor is developing a new system/software as a deliverable in a typical DoD contract, is it possible to use existing software licensed using the GNU General Public License (GPL)? This enables cost-sharing between users, as with proprietary development models. The program available to the public may improve over time, through contributions not paid for by the U.S. government. Where possible, software developed partly by government funds should broken into a set of smaller components at the lowest practicable level so the rules can be applied separately to each one. Typically this will include source code version management system, a mailing list, and an issue tracker. REFERENCES: (a) AFI 33-210, "Air Force Certification and Accreditation (C . Specific patents can also be authorized using clause FAR 52.227-5 or via listed exceptions of FAR 52.227-3. TCG LinkPRO, TCG BOSS, and TCG GTS all earn placement on DOD's OTI evaluated/approved products list. If there are reviewers from many different backgrounds (e.g., different countries), this can also reduce certain risks. An alternative is to not include the OSS component in the deliverable, but simply depend on it, as long as that is acceptable to the government. Part of the ADA, Pub.L. The Linux kernel project requires that a person proposing a change add a Signed-off-by tag, attesting that the patch, to the best of his or her knowledge, can legally be merged into the mainline and distributed under the terms of (the license).. Similarly, delaying a components OSS release too long may doom it, if another OSS component is released first. Open source software is also called Free software, libre software, Free/open source software (FOSS or F/OSS), and Free/Libre/Open Source Software (FLOSS). The certification affirms that the Air Force OTI is authorized to use ASTi's products, which now appear in the OTI Evaluated/Approved Products List (OTI E/APL). For at least 7 years, Borlands Interbase (a proprietary database program) had embedded in it a back door; the username politically, password correct, would immediately give the requestor complete control over the database, a fact unknown to its users. As noted by the 16 October 2009 policy memorandum from the DoD CIO, in almost all cases OSS is a commercial item as defined by US Law (Title 41) and regulation (the FAR). Government employees may also modify existing open source software. These formats may, but need not, be the same. An example of such software is Expect, which was developed and released by NIST as public domain software. Requiring the use of very unusual development tools may impede development, unless those tools provide a noticeable advantage. If the supplier attains a monopoly or it is difficult to switch from the supplier, the costs may skyrocket. In some other cases, the government lacks the rights to release the software to the public, e.g., the government may only have Government Purpose Rights (GPR). By some definitions this is technically not an open source license, because no license is needed, but such public domain software can be legally used, modified, and combined with other software without restriction. Atty Gen.51 (1913)) that has become the leading case construing 31 U.S.C. The public release also makes it easy to have copies of versions in many places, and to compare those versions, making it easy for many people to review changes. In the Intelligence Community (IC), the term open source typically refers to overt, publicly available sources (as opposed to covert or classified sources). Once software exists, all costs are due to maintenance and support of software. OSS programs can typically be simply downloaded and tried out, making it much easier for people to try it out and encouraging widespread use. The release may also be limited by patent and trademark law. The release of the software may be restricted by the International Traffic in Arms Regulation or Export Administration Regulation. Cisco takes a deep dive into the latest technologies to get it done. It also risks reduced flexibility (including against cyberattack), since OSS permits arbitrary later modification by users in ways that some other license approaches do not. AFCENT/A1RR will publish approved local supplements to the Air Force Reporting Open standards can aid open source software projects: Note that open standards aid proprietary software in exactly the same way. However, the required FAR Clause 52.212-4(d) establishes that This contract is subject to the Contract Disputes Act of 1978, as amended (41 U.S.C. Note that when government employees develop software as part of their official duties, it can be protected by copyright in other countries, but note that these can only be enforced outside the US. This is important for releasing OSS, because the government can release software as OSS if it has unlimited rights. Wikipedia maintains an encyclopedia using approaches similar to open source software approaches. However, if the goal is to encourage longevity and cost savings through a commonly-maintained library or application, protective licenses may have some advantages, because they encourage developers to contribute their improvements back into a single common project.