DISA revises software guideline clarifying open source rules
The Defense Information Systems Agency has updated the Application Security & Development Security Technical Implementation Guide, clarifying a commonly misunderstood Defense Department policy that many saw as a hurdle to open source software use at DoD.
AppDev STIG (Version 3, Release 4), published Oct. 28, states that software requires designated approving authority approval only if:
- The source code is not available to review, repair and extend; and
- There is a limited warranty or no warranty, but a warranty is required for mission accomplishment.
"Since OSS has source code available, this category of software can be maintained for security fixes and patched for known vulnerabilities. The Program Manager can elect to maintain OSS," states the revised AppDev STIG.
Posters to a military open source software forum said the update removes a major roadblock to open source software implementation.
Under previous versions of the AppDev STIG, many believed using OSS in the DoD required special permission by default because "open source" was thrown in with the requirements for "public domain, shareware, freeware, and other software products/libraries with no warranty," explains David A. Wheeler, research staff member at Alexandria, Va.-based Institute for Defense Analyses, in a blog post.
This misunderstanding arose because the AppDev STIG had long referenced DCPD-1 Public Domain Software Controls (.pdf) from February 2003, rather than the 2009 OSS guidance (.pdf) from the DoD chief information officer, says Wheeler.
The updated AppDev STIG refers to the DoD OSS policy of 2009, and includes improved definitions for "OSS" and "commercial" software.
STIGs are the security guidelines and checklists developed by DISA (and required under DoD Directive 8500.01E) that technologies are required to conform to before they're fielded.
For more:
- see AppDev STIG (Version 3, Release 4)
- see Wheeler's blog post
- see the Mil-OSS Google Groups thread