Feeds

MS, Intel backed outfit slams DoD OSS study and ‘viral’ GPL

Campaigning for choice, or against GPL?

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

A 'pro-choice' group with backing from Microsoft and Intel has mounted what can best be described as an eccentric attack on Mitre Corporation's recent report 'Use of Free and Open Source Software US Department of Defense,' which was itself commissioned by the DoD. The report, over 152 pages, surveyed use of FOSS (its own coinage) in the DoD, and came up with several relatively mild conclusions and recommendations.

The counterblast, from the Initiative for Software Choice, takes a mere seven pages to be rather less mild. It opposes the DoD openly promoting FOSS, which wasn't exactly a Mitre recommendation. Mitre suggests the DoD create a 'safe list' of approved FOSS products, and it kind of depends whether or not you count 'approved' as a term which easily morphs into 'encouraged.' Mitre, we'll own, does suggest some encouragement to "promote product diversity," but how you interpret that again depends on where you stand.

The ISC then accuses Mitre of asking a 'hypothetical' question when it considers the possible effects of a ban on FOSS software at the DoD. To the ISC's knowledge, it harumphs, "no one seriously seeks a ban on FOSS at the DoD." This particular paper tiger cuts both ways, but provides a handy link to the ISC's own obsession because the question "perpetuates the 'either-or' supposition being advanced by the marketers of OSS products and services that OSS and proprietary products cannot - or rather, should not - operate together, in heterogeneous environments." The ISC was set up with the ostensible mission of fighting legislative initiatives to mandate OSS and/or ban use of proprietary profits in government; it is like one of those people we all know who're perfectly sane 90 per cent of the time, but who turn into eye-bulging, purple-cheeked ranting loons when the subject of - say - model railway gauges, or Jack the Ripper, or who really wrote Shakespeare, comes up.

Except the loony bit is the entire raison d'etre of the ISC.

Granted, nobody within the DoD is seriously (out loud, anyway) seeking to ban Open Source, but there's a considerable amount of lobbying from external contractors and would-be contractors (some of them beginning with 'M') on the subject of how profoundly damaging the "viral" nature of the GPL would be to the DoD's activities. Which sounds like a 'bannit' lobby to us.

And it's the point where the ISC (one of whose loon trigger-words is 'viral') warms to its theme:

"However, where government-frunded R&D is involved, application of the restrictive GPL takes on an altogether different meaning. The Study notes that over 50 percent of the DoD's OSS products are GPL-based. Thus, because of the GPL's 'transitive user rights,' at least half of the DoD's OSS efforts, were they to be more widely disseminated, would largely forcelose proprietary and/or hybrid companies from further developing the software and commercializing the results. The same is true for any outside R&D funded by the DoD - if it GPL-based, proprietary companies cannot directly benefit from it.

"Limiting those who would otherwise participate from coming to the table reduces the ultimate usefulness of any software solution developed through federal R&D... Promoting the public availability of federally funded R&D inventions through commercialization has served America well.. This elective policy remains sound, and does not warrant being changed, especially in light of America's need for enhanced security, post 9-11."

Whew... But where does this 'change of policy' notion come from, bulging-eyed little friend? The reasoning, if we deconstruct it right, is that if the DoD were to 'promote' FOSS, it would hence promote GPL software, and thus destroy the government-private partnership that made America great, with the integrity of America's security systems as collateral damage. Right...

So who are these people anyway? Tricky. The ISC was founded in May, and is chaired by CompTIA (Computer Technology Industry Association), a long-standing and fairly large industry grouping which chose the Microsoft side of the barricades as regards the MS-DoJ settlement. Despite its youth, the ISC has a strangely large and geographically diverse membership list. If any of the companies listed there would care to tell us how they got there and why, we'd be pleased to listen.

The outfit also has a handy page listing the dangerous initiatives it's taking a view on. Here it supports "neutral policy promotion" in the UK, and opposes proposed laws making OSS compulsory in Israel, Portugal, Colombia and the Ukraine. Some of you lot may want to bookmark this page for entirely the wrong reasons... ®

Related links:
ISC document
Mitre report

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.