No, complying with OSS licenses is much easier than proprietary licenses if you only use the software in the same way that proprietary software is normally used. (Free in Free software refers to freedom, not price.) OTD includes both OSS and OGOTS/GOSS. Unfortunately, the government must pay for all development and maintenance costs of GOTS; since these can be substantial, GOTS runs the risk of becoming obsolete when the government cannot afford those costs. As noted by the 16 October 2009 policy memorandum from the DoD CIO, in almost all cases OSS is a commercial item as defined by US Law (Title 41) and regulation (the FAR). Bruce Perens noted back in 1999, Do not write a new license if it is possible to use (a common existing license) The propagation of many different and incompatible licenses works to the detriment of Open Source software because fragments of one program cannot be used in another program with an incompatible license. Many view OSS license proliferation as a problem; Serdar Yegulalp's 2008 Open Source Licensing Implosion (InformationWeek) noted that not only are there too many OSS licenses, but that the consequences for blithely creating new ones are finally becoming concrete the vast majority of open source products out there use a small handful of licenses Now that open source is becoming (gasp) a mainstream phenomenon, using one of the less-common licenses or coming up with one of your own works against you more often than not. This is in addition to the advantages from OSS because it can be reviewed, modified, and redistributed with few restrictions (inherent in the definition of OSS).
The IDA Open Source Migration Guidelines recommend: It also suggests that the following questions need to be addressed: It also recommends ensuring that decisions made now, even if they do not relate directly to a migration, should not further tie an Administration to proprietary file formats and protocols. The term trademark is often used to refer to both trademarks and service marks. The products listed below are evaluated against a NIAP-approved Protection Profile, which encompasses the security requirements and test activities suitable across the technology with no EAL assigned - hence the conformance claim is "PP". These include: If you are looking for smaller pieces of code to reuse, search engines specifically for code may be helpful. Q: What are synonyms for open source software? Using a made-up word that has no Google hits is often a good start, but again, see the PTO site for more information. 1342 the Attorney General drew a distinction that the Comptroller of the Treasury thereafter adopted, and that GAO and the Justice Department continue to follow to this day: the distinction between voluntary services and gratuitous services. Some key text from this opinion, as identified by the red book, are: [I]t seems plain that the words voluntary service were not intended to be synonymous with gratuitous service it is evident that the evil at which Congress was aiming was not appointment or employment for authorized services without compensation, but the acceptance of unauthorized services not intended or agreed to be gratuitous and therefore likely to afford a basis for a future claim upon Congress. Factors that greatly reduce this risk include: Typically not, though the risk varies depending on their contract and specific circumstance. Software licenses, including those for open source software, are typically based on copyright law. In particular, U.S. law (10 USC 2377) requires a preference for commercial products for procurement of supplies or services. No.
Use typical OSS infrastructure, tools, etc. African nations hold Women, Peace and Security Panel at AACS 2023. The GTG-F is a collection of web-based applications supporting the continuing evolution of the Department of Defense (DoD) Information Technology Standards. It is far better to fix vulnerabilities before deployment - are such efforts occurring? However, support from in-house staff, augmented by the OSS community, may be (and often is) sufficient. Q: Do choice of venue clauses automatically disqualify OSS licences? The public release of the item is not restricted by other law or regulation, such as the Export Administration Regulations or the International Traffic in Arms Regulation, and the item qualifies for Distribution Statement A, per DoD Directive 5230.24 (reference (i)).". In particular, will it be directly linked with proprietary or classified code? Instead, Government employees must ensure that they do not accept services rendered in the hope that Congress will subsequently recognize a moral obligation to pay for the benefits conferred. In some cases, the sources of information for OSS differ. Thus, if there is an existing contract, you must check the contract to determine the specific situation; the text above merely describes common cases. Services that are intended and agreed to be gratuitous do not conflict with this statute. In addition, an attacker can often acquire the original source code from suppliers anyway (either because the supplier voluntarily provides it, or via attacks against the supplier); in such cases, if only the attacker has the source code, the attacker ends up with another advantage. No, OSS is developed by a wide variety of software developers, and the average developer is quite experienced. In effect, the malicious developer could lose many or all rights over their license-violating result, even rights they would normally have had!
When considering any software (OSS or proprietary), look for evidence that the risk of unlawful release is low. This is not merely theoretical; in 2003 the Linux kernel development process resisted an attack. Requiring that all developers be cleared first can reduce certain risks (at substantial costs), where necessary, but even then there is no guarantee. The 2003 MITRE study, Use of Free and Open Source Software (FOSS) in the U.S. Department of Defense, did suggest developing a Generally Recognized As Safe (GRAS) list, but such a list has not been developed. Examples of OSS that are in widespread use include: There are many Linux distributions which provide suites of such software such as Red Hat Enterprise Linux, Fedora, SUSE, Debian and Ubuntu. Example: GPL and (unrelated) proprietary applications can be running at the same time on a desktop PC. The owner of the mark exercises control over the use of the mark; however, because the sole purpose of a certification mark is to indicate that certain standards have been met, use of the mark is by others. You don't have to register a trademark to have a trademark. Q: What license should the government or contractor choose/select when releasing open source software? Resources for further information include: In brief, the MIT and 2-clause BSD license are dominated by the 3-clause BSD license, which are all dominated by the LGPL licenses, which are all dominated by the GPL licenses. Similarly, delaying a component's OSS release too long may doom it, if another OSS component is released first. Do you have the materials (e.g., source code) and are all materials properly marked? The central theme of 2022 was the U.S. government's deploying of its sanctions, AML . REFERENCES: (a) AFI 33-210, "Air Force Certification and Accreditation (C . Q: Can the government or contractor use trademarks, service marks, and/or certification marks with OSS projects? The usual DoD contract clause (DFARS 252.227-7014) permits this by default.
The Secretary of the Air Force approved the activation plan on 25 January 1972 and the college was established 1 April 1972 at Randolph AFB, Texas. Open source software is also called Free software, libre software, Free/open source software (FOSS or F/OSS), and Free/Libre/Open Source Software (FLOSS). There are other ways to reduce the risk of software patent infringement (in the U.S.) as well: Yes, both entirely new programs and improvements of existing OSS have been developed using U.S. government funds. Home use of the antivirus products will not only protect personal PCs, but will also potentially lessen the threat of malicious logic being introduced to the workplace and compromising DoD networks. Before starting have a clear understanding of the reasons to migrate; ensure that there is active support for the change from IT staff and users; make sure that there is a champion for change the higher up in the organisation the better; build up expertise and relationships with the OSS movement; ensure that each step in the migration is manageable. By August 1941, American president Franklin Roosevelt and British prime minister Winston Churchill had drafted the Atlantic Charter to define goals for the post-war world. Unfortunately, this typically trades off flexibility; the government does not have the right to modify the software, so it cannot fix serious security problems, add arbitrary improvements, or make the software work on platforms of its choosing. However, the public domain portions may be extracted from such a joint work and used by anyone for any purpose. As noted in FAR 27.201-1, Pursuant to 28 U.S.C. Other documents that you may find useful include: Frequently Asked Questions regarding Open Source Software (OSS) and the Department of Defense (DoD). The U.S.
government can often directly combine GPL and proprietary, classified, or export-controlled software into a single program arbitrarily, as long as the result is never conveyed outside the U.S. government. This isn't usually an issue because of how typical DoD contract clauses work under the DFARS. Many projects, particularly the large number of projects managed by the Free Software Foundation (FSF), ask for an employer's disclaimer from the contributor's employer in a number of circumstances. This process provides a single, consolidated list of products that have met cybersecurity and interoperation certification requirements. If the standard DFARS contract clauses are used (see DFARS 252.227-7014), then unless other arrangements are made, the government has unlimited rights to a software component when (1) it pays entirely for the development of it (see DFARS 252.227-7014(b)(1)(i)), or (2) it is five years after contract signature if it partly paid for its development (see DFARS 252.227-7014(b)(2)). Use a common OSS license well-known to be OSS (GPL, LGPL, MIT/X, BSD-new, Apache 2.0); don't write your own license. No. Thus, OSS available to the public and used unchanged is normally COTS. If you are looking for an application that has wide use, one of the various lists of open source alternatives may help. Thus, complex license management processes to track every installation or use of the software, or who is permitted to use the software, are completely unnecessary. An example is (connecting) a GPL utility to a proprietary software component by using the Unix pipe mechanism, which allows one-way flow of data to move between software components. The list of products, referred to as "Blue sUAS," come from 5 different manufacturers: Skydio, Parrot, Altavian, Teal Drones, and Vantage Robotics. Q: How can you determine if different open source software licenses are compatible? No.
The 2003 MITRE study, Use of Free and Open Source Software (FOSS) in the U.S. Department of Defense, for analysis purposes, posed the hypothetical question of what would happen if OSS software were banned in the DoD, and found that OSS plays a far more critical role in the DoD than has been generally recognized (especially in) Infrastructure Support, Software Development, Security, and Research. By definition, OSS software permits arbitrary use of the software, and allows users to re-distribute the software to others. This shows that proprietary software can include functionality that could be described as malicious, yet remain unfixed - and that at least in some cases OSS is reviewed and fixed. Q: When a DoD contractor is developing a new system/software as a deliverable in a typical DoD contract, is it possible to include existing open source software? The WHO was established on 7 April 1948. 1342, Limitation on voluntary services. (2) Medications not on this list, singly or in combination, require review by AFMSA/SG3/5PF (rated officers) and MAJCOM/SG (non-rated personnel). Others do not like the term GOSS, because GOSS is not actually OSS, and they believe the term can be misleading. Some protocols and formats have been specifically devised and reviewed to avoid patents; using them is more likely to avoid problems. As noted above, in nearly all cases, open source software is considered commercial software by U.S. law, the FAR, and the DFARS. As an aid, the Open Source Initiative (OSI) maintains a list of Licenses that are popular and widely used or with strong communities. The Buy American Act does not apply to information technology that is a commercial item, so there is usually no problem for OSS. In some cases, the government obtains the copyright; in those cases, the government can sue for copyright violation. 
AFCENT/A1RR will publish approved local supplements to the Air Force Reporting Recent rulings have strengthened the requirement for non-obviousness, which probably renders unenforceable some already-granted software patents, but at this time it is difficult to determine which ones are affected. Air Force Policy Directive 38-1, Manpower and Organization, 2 July 2019 Air Force Instruction 33-360, Publications and Forms Management, 1 December 2015 Air Force Manual 33-363, Management of Records, 21 July 2016 Adopted Forms AF Form 847, Recommendation for Change of Publications Many software developers find software patents difficult to understand, making it difficult for them to determine if a given patent even applies to a given program. In this case, the government has the unenviable choice of (1) spending possibly large sums to switch to the new project (which would typically have a radically different interface and goals), or (2) continuing to use the government-unique custom solution, which typically becomes obsolete and leaves the U.S. systems far less capable than others (including those of U.S. adversaries). Q: What policies address the use of open source software (OSS) in the Department of Defense? This has never been true, and explaining this takes little time.