1

Open Source Software

and

Open Architecture

Open Source Software

and

Open ArchitectureDaniel RisacherASD(NII)/DoD CIO,

Associate Director,Enterprise Services & Integration

Daniel.Risacher@osd.mil

Dan Risacher• Policy wonk for Office of the DoD CIO• Author of the DoD guidance for Open Source Software

(DoD CIO memo, 16 Oct 2009)• PSA representative for CANES & NCES

• 1996-1998: Chief, Ground Support Software, (E-3 AWACS)552nd Computer Systems Squadron, Tinker AFB, OK

2

Who am I?

Open Architecture and Acquisition Reform

• USD(AT&L), 14 Sep 2010 memo: (page 10)

Thoughts on Open Architecture

• Open Architecture is great, but…– Need to simplify rules around IP– we need rules where the PM, COTR, etc. isn't one

mistake away from lock-in• Lesson learned from OSS

– simplified structure of IP management– even a developer can understand– need to expect industry to manage gov’t rights

effectively • Balance competition and cooperation

Open Gov’t Directive 21 Jan 2009, President Obama signed “Memorandum on

Transparency and Open Government” 8 Dec 2009, OMB issued “Open Gov't Directive” Three principles:

Transparency Participation Collaboration

Open Source Software

Defined: computer software that is available in source code form for which the source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change, and improve the software. [wikipedia]

Formally defined by the Open Source Initiative Closely related; “Free software”

Open Source Def’n 1. Free Redistribution 2. Source Code 3. Derived Works 4. Integrity of The Author's Source Code 5. No Discrimination Against Persons or Groups 6. No Discrimination Against Fields of Endeavor 7. Distribution of License 8. License Must Not Be Specific to a Product 9. License Must Not Restrict Other Software 10. License Must Be Technology-Neutral

OSS Examples

GNU/Linux, Apache, Firefox, OpenOffice.org, MySQL, PostgreSQL, FreeBSD, Darwin (OS X kernel), GCC, Emacs, Eclipse, Java, Mediawiki, PHP, Perl, Python, Ruby, Android, OpenSSH, OpenSSL, OpenSSO, NASA Worldwind, + thousands more

So What?

OSS development model precisely matches the principles of Open Gov't Directive: Transparency Participation Collaboration

Use OSS methods for system development

OSS Dev Model

Developer

TrustedDeveloper

OSS users typically use software without paying licensing fees OSS users typically pay for training & support (competed) OSS users are responsible for developing new improvements &

any evaluations that they need; often cooperate/pay others to do so

Active development community like a consortium

TrustedRepository

Distributor

User

Source Code

Bug Reports

Improvements (as source code) and evaluation results: User as Developer

“Stone soup development”

DevelopmentCommunity

Legal Mandate for OSS

OSS software is COTS Federal law (41 USC 403) clearly defines a commercial item is “(1) Any item, other

than real property, that is of a type customarily used by the general public or by non-governmental entities for purposes [not government-unique], and (i) Has been sold, leased, or licensed to the general public; or (ii) Has been offered for sale, lease, or license to the general public... (3) [Above with] (i) Modifications of a type customarily available in the commercial marketplace; or (ii) Minor modifications… made to meet Federal Government requirements..

In most cases, OSS products also meet the definition of a specific subset of “commercial items”, those defined as “commercial-off-the-shelf items” commonly referred to as “COTS”. Federal law (41 USC 431) defines COTS as being “(A) a commercial item (as described in [41 USC 403])... (B) sold in substantial quantities in the commercial marketplace... and (C) is offered... without modification...

Consideration of suitable COTS required: FAR 2.101, DFARS 212.212

Why else?

Better peer review Source code = Agility

Less vendor lock-in Rapid prototyping

Lower license costs Lower maintenance costs

But pick the best value, regardless!

Gratuitous Advice

To gov’t: Take delivery of your source code. Often.

To industry: Deliver your code Annotated Version-controlled

To both: use OSI-approved licenses whenever appropriate

Example:

Copyright 2010, BigPrime Inc., LittleSub Ltd., FFRDC Corp.The U.S. Government has Unlimited Rights in this computer software pursuant to the clause DFARS 252.227-7014 of contracts no. 1234567890 & 123456791. Any reproduction of this computer software, or portions thereof, marked with this legend must also reproduce these markings.

When/How to contribute OSS?

For DoD, 3 part test: PM decides gov't interest Necessary data rights Not export controlled

“Necessary data rights” is complicated

Thank you for your time and attention

Questions?

15

OSS Users in Government

Military Intelligence Community Federally Funded (USIP, White House, Other) Departments (DOE, DHS, DOD, Treasury) Agencies (NASA, EPA, USDA)

OSS Contributors in Government

Military Intelligence Community Federally Funded (USIP, White House, Other) Departments (DOE, DHS, DOD) Agencies (NOAA, EPA, NASA)

Common & Pervasive

Operating Systems: Linux/GNU, BSD, Darwin, OpenSolaris Security: Snort, OpenSSL, OpenSSH, Kerberos, PGP Web/Application Layer: Apache, Jboss, Plone, Zope, nginx,

Tomcat GCC Firefox Postgresql, MySQL, SQLite, ZODB OpenLDAP, Sendmail, Bind, Samba, Xfree86 Programming Languages: Java/JVM, Ruby, Python, PHP,

Perl, Tcl/Tk

Contributions By Military

Army: BRL-CAD GRASS (Geo Resources Analysis Support)

(Army Corps of Engineers) USAF:

FalconView Marines

OSIMM, OMAR Navy

Delta3D

Contributions By Federally Funded

White House: Drupal (use) Drupal modules (contributed)

U.S. Institute of Peace: Open Simulation Platform

NIST: Expect STEP Class Library

Institute of Museum and Library Services: Evergreen

Contributions By Federally Funded

The Smithsonian Astrophysical Laboratory Inline::SLang

U.S. Postal Service: PTS (Product Tracking System)

Contributions By Intelligence

CIA: Apache Lucene (search)

NSA: SELinux, OpenBSD

Contributions By Departments

Department of Energy: COUGAAR

Department of Labor: EZRO (EZ Reusable Objects)

Veterans Affairs: OpenVista

Contributions By Agencies

NOAA: QGIS (QT Geographic Information System)

EPA: OpenNode

DISA: Forge.mil OSCMIS (Open Source Corporate Management System)

USDA: WikiWatershed: http://www.cnpp.usda.gov/Innovations/innovations-release-12-09-09.pdf

Contributions By Agencies

NASA: World Wind Growler Surfer Mesh ECHO NodeMon Pour Swim Many, many more:

http://ti.arc.nasa.gov/opensource/projects