Air Force Approved Software List 2021

A weakly-protective license is a compromise between the two, preventing the covered library from becoming proprietary yet permitting it to be embedded in larger proprietary works. In this case, the government has the unenviable choice of (1) spending possibly large sums to switch to the new project (which would typically have a radically different interface and goals), or (2) continuing to use the government-unique custom solution, which typically becomes obsolete and leaves the U.S. systems far less capable than others (including those of U.S. adversaries). Rachel Cohen joined Air Force Times as senior reporter in March 2021. The purpose of the Department of Defense Information Network Approved Products List (DODIN APL) is to maintain a single consolidated list of products that have completed Interoperability (IO) and Cybersecurity certification. As more improvements are made, more people can use the product, creating more potential users as developers - like a snowball that gains mass as it rolls downhill. Observing the output from inputs is often sufficient for attack. Choose a license that has passed legal reviews and is clearly accepted as an OSS license. Contractors for other federal agencies may have a different process to use, but after going through a process they can often release such software as open source software. OSS licenses and projects clearly approve of commercial support. As noted by the 16 October 2009 policy memorandum from the DoD CIO, in almost all cases OSS is a commercial item as defined by US Law (Title 41) and regulation (the FAR). Q: Does the DoD use OSS for security functions?
As noted above, in nearly all cases, open source software is considered commercial software by U.S. law, the FAR, and the DFARS. Others do not like the term GOSS, because GOSS is not actually OSS, and they believe the term can be misleading. Public Law 115-232 defines OSS as software for which the human-readable source code is available for use, study, re-use, modification, enhancement, and re-distribution by the users of such software. - The award authority will establish the maximum award nomination length (number of . The program available to the public may improve over time, through contributions not paid for by the U.S. government. In practice, OSS projects tend to be remarkably clean of such issues. Control enhancement CM-7(8) states that an organization must prohibit the use of binary or machine-executable code from sources with limited or no warranty or without the provision of source code. Thus, if there is an existing contract, you must check the contract to determine the specific situation; the text above merely describes common cases. The following externally-developed evaluation processes or tips may be of use: Migrating from an existing system to an OSS approach requires addressing the same issues that any migration involves. Many analyses focus on versions of the GNU General Public License (GPL), since this is the most common OSS license, but analyses for other licenses are also available. U.S. law governing federal procurement U.S. 
Code Title 41, Section 103 defines commercial product as including a product, other than real property, that (A) is of a type customarily used by the general public or by nongovernmental entities for purposes other than governmental purposes; and (B) has been sold, leased, or licensed, or offered for sale, lease, or license, to the general public. As noted in Technical Data and Computer Software: A Guide to Rights and Responsibilities Under Federal Contracts, Grants and Cooperative Agreements by the Council on Governmental Relations (COGR), This unlimited license enables the government to act on its own behalf and to authorize others to do the same things that it can do, thus giving the government essentially the same rights as the copyright owner. In short, once the government has unlimited rights, it has essentially the same rights as a copyright holder, and can then use those rights to release that software under a variety of conditions (including an open source software license), because it has the right to use and modify the software at will, and has the right to authorize others to do so. By some definitions this is technically not an open source license, because no license is needed, but such public domain software can be legally used, modified, and combined with other software without restriction. Look at the Numbers! Many software developers find software patents difficult to understand, making it difficult for them to determine if a given patent even applies to a given program. Note that this sometimes depends on how the program is used or modified. OSS implementations can help create and keep open standards open. Thus, public domain software provides recipients all of the rights that open source software must provide. They can obtain this by receiving certain authorization clauses in their contracts.
2518(4)(B) says that, An article is a product of a country or instrumentality only if (i) it is wholly the growth, product, or manufacture of that country or instrumentality, or (ii) in the case of an article which consists in whole or in part of materials from another country or instrumentality, it has been substantially transformed into a new and different article of commerce with a name, character, or use distinct from that of the article or articles from which it was so transformed. The CBP also pointed out a ruling (Data General v. United States, 4 CIT 182 (1982)), that programming a PROM performed a substantial transformation. However, it must be noted that the OSS model is much more reflective of the actual costs borne by development organizations. Support for OSS is often sold separately; in such cases, you must comply with the support terms for those uses to receive support, but these are typically the same kinds of terms that apply to proprietary software (and they tend to be simpler in practice). The cases are too complicated to summarize here, other than to say that the GPLv2 was clearly regarded as enforceable by the courts. First of all, being a US firm has little relationship to the citizenship of its developers and its suppliers' developers. This General Service Administration (GSA . Examples include: If you know of others who have similar needs, ask them for leads. Similarly, U.S. Code Title 41, Section 104 defines the term Commercially available off-the-shelf (COTS) item; software is COTS if it is (a) a commercial product, (b) sold in substantial quantities in the commercial marketplace, and (c) is offered to the Federal Government, without modification, in the same form in which it is sold in the commercial marketplace. One way to deal with potential export control issues is to make this request in the same way as approving public release of other data/documentation. MEMORANDUM FOR ALL MAJCOMs/FOAs/DRUs . 
OSS COTS is especially appropriate when there is an existing OSS COTS product that meets the need, or one can be developed and supported by a wide range of users/co-developers. This makes the expectations clear to all parties, which may be especially important as personnel change. In either case, it is important to understand that GOSS is typically not OSS, though GOSS may be a stepping stone towards later OSS release. The public release also makes it easy to have copies of versions in many places, and to compare those versions, making it easy for many people to review changes. Here is an explanation of these categories, along with common licenses used in each category (see The Free-Libre / Open Source Software (FLOSS) License Slide): In general, legal analysis is required to determine if multiple programs, covered by different OSS licenses, can be legally combined into a single larger work. Many development tools covered by the GPL include libraries and runtimes that are not covered by the GPL itself but the GPL with a runtime exception (e.g., the CLASSPATH exception) that specifically permits development of proprietary software. Once an invention is released to the public, the inventor has only one year to file for a patent, so any new ideas in some software must have a patent filed within one year by that inventor, or (in theory) they cannot be patented. As with all commercial items, the DoD must comply with the item's license when using the item. U.S. government contractors (including those in the DoD) are often indemnified from patent infringement by the U.S. government as part of their contract. In Wallace vs. FSF, Judge Daniel Tinder stated that the GPL encourages, rather than discourages, free competition and the distribution of computer operating systems and found no anti-trust issues with the GPL. An example of such software is Expect, which was developed and released by NIST as public domain software. 
This memo is available at, The Open Technology Development Roadmap was released by the office of the Deputy Under Secretary of Defense for Advanced Systems and Concepts, on 7 Jun 2006. The use of software with a proprietary license provides absolutely no guarantee that the software is free of malicious code. When considering any software (OSS or proprietary), look for evidence that the risk of unlawful release is low. It points to various studies related to market share, reliability, performance, scalability, security, and total cost of ownership. Proprietary COTS is especially appropriate when there is an existing proprietary COTS product that meets the need. The example of Borland's InterBase/Firebird is instructive. These decisions largely held that the GNU General Public License, version 2 was enforceable in a series of five related legal cases loosely referred to as Versata v. Ameriprise, although there were related suits against Versata by XimpleWare. when it implements novel functionality which is not already available to the public, and which significantly improves DoD mission outcomes or business processes. This Open Source Software FAQ was originally developed on Intellipedia, using a variety of web browsers including Mozilla Firefox. We maintain more than 8,000 acres of land, a physical plant of over 16 million square feet and provide operational support for more than 100 associate units located at Wright-Patterson.