Here are the facts. Some open source software is secure and some is not — just like propriety software. So how do you know if the open source software you want to use is secure? “You evaluate it,” said David Wheeler, an expert on developing secure software who helped develop the Defense Department’s open source policy. “One advantage of OSS is that you can easily evaluate it in more detail, and others can do the same.
That doesn’t automatically mean
The OSS is secure, but it does give you a better chance to understand your options.” One of the big misconceptions is that anyone can change the kernel, or the core of an open source operating system, said Deborah Bryant, who also leads the Open Source Initiative’s public policy working group. “It’s a very disciplined, structured methodology, and there’s a gatekeeper that makes the decision about any code that goes in.” Because everyone can look at the code, anyone can spot problems with it, including bugs, and report them.
In one DoD analysis of open source,
One unexpected finding was the degree to which security depends on open source software. Banning it would remove certain types of infrastructure overseas chinese in australia components that support DoD network security, according to the report. It would also limit the department’s access to and expertise in using powerful open source applications that hostile groups could use to help stage cyberattacks.
Do is using open source software to support
A number of missions, including a NATO mission to here are some rules for what a good help advise Afghan officials on how to rebuild the country. The department’s digital team tg data developed a beta version of the tool in less than four months and released the project on Code.gov. It enables NATO advisers to keep tabs on who has received training. The DoD team installed the software on.
A classified secret server in Afghanistan
Then released the self-contained project as open source. Assuming all the information exchanged as part of the NATO mission is classified and confidential, wouldn’t releasing the tool as open source pose a national security risk? The short answer: no. Open source doesn’t mean releasing personally identifiable information, Alvand Salehi, White House Senior Technology Advisor, said during a keynote at the May 2017 O’Reilly Open Source Convention in Austin.