Feeds

MS, Intel backed outfit slams DoD OSS study and ‘viral’ GPL

Campaigning for choice, or against GPL?

  • alert
  • submit to reddit

Internet Security Threat Report 2014

A 'pro-choice' group with backing from Microsoft and Intel has mounted what can best be described as an eccentric attack on Mitre Corporation's recent report 'Use of Free and Open Source Software US Department of Defense,' which was itself commissioned by the DoD. The report, over 152 pages, surveyed use of FOSS (its own coinage) in the DoD, and came up with several relatively mild conclusions and recommendations.

The counterblast, from the Initiative for Software Choice, takes a mere seven pages to be rather less mild. It opposes the DoD openly promoting FOSS, which wasn't exactly a Mitre recommendation. Mitre suggests the DoD create a 'safe list' of approved FOSS products, and it kind of depends whether or not you count 'approved' as a term which easily morphs into 'encouraged.' Mitre, we'll own, does suggest some encouragement to "promote product diversity," but how you interpret that again depends on where you stand.

The ISC then accuses Mitre of asking a 'hypothetical' question when it considers the possible effects of a ban on FOSS software at the DoD. To the ISC's knowledge, it harumphs, "no one seriously seeks a ban on FOSS at the DoD." This particular paper tiger cuts both ways, but provides a handy link to the ISC's own obsession because the question "perpetuates the 'either-or' supposition being advanced by the marketers of OSS products and services that OSS and proprietary products cannot - or rather, should not - operate together, in heterogeneous environments." The ISC was set up with the ostensible mission of fighting legislative initiatives to mandate OSS and/or ban use of proprietary profits in government; it is like one of those people we all know who're perfectly sane 90 per cent of the time, but who turn into eye-bulging, purple-cheeked ranting loons when the subject of - say - model railway gauges, or Jack the Ripper, or who really wrote Shakespeare, comes up.

Except the loony bit is the entire raison d'etre of the ISC.

Granted, nobody within the DoD is seriously (out loud, anyway) seeking to ban Open Source, but there's a considerable amount of lobbying from external contractors and would-be contractors (some of them beginning with 'M') on the subject of how profoundly damaging the "viral" nature of the GPL would be to the DoD's activities. Which sounds like a 'bannit' lobby to us.

And it's the point where the ISC (one of whose loon trigger-words is 'viral') warms to its theme:

"However, where government-frunded R&D is involved, application of the restrictive GPL takes on an altogether different meaning. The Study notes that over 50 percent of the DoD's OSS products are GPL-based. Thus, because of the GPL's 'transitive user rights,' at least half of the DoD's OSS efforts, were they to be more widely disseminated, would largely forcelose proprietary and/or hybrid companies from further developing the software and commercializing the results. The same is true for any outside R&D funded by the DoD - if it GPL-based, proprietary companies cannot directly benefit from it.

"Limiting those who would otherwise participate from coming to the table reduces the ultimate usefulness of any software solution developed through federal R&D... Promoting the public availability of federally funded R&D inventions through commercialization has served America well.. This elective policy remains sound, and does not warrant being changed, especially in light of America's need for enhanced security, post 9-11."

Whew... But where does this 'change of policy' notion come from, bulging-eyed little friend? The reasoning, if we deconstruct it right, is that if the DoD were to 'promote' FOSS, it would hence promote GPL software, and thus destroy the government-private partnership that made America great, with the integrity of America's security systems as collateral damage. Right...

So who are these people anyway? Tricky. The ISC was founded in May, and is chaired by CompTIA (Computer Technology Industry Association), a long-standing and fairly large industry grouping which chose the Microsoft side of the barricades as regards the MS-DoJ settlement. Despite its youth, the ISC has a strangely large and geographically diverse membership list. If any of the companies listed there would care to tell us how they got there and why, we'd be pleased to listen.

The outfit also has a handy page listing the dangerous initiatives it's taking a view on. Here it supports "neutral policy promotion" in the UK, and opposes proposed laws making OSS compulsory in Israel, Portugal, Colombia and the Ukraine. Some of you lot may want to bookmark this page for entirely the wrong reasons... ®

Related links:
ISC document
Mitre report

Choosing a cloud hosting partner with confidence

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.