On 13/01/12 09:03, Martijn Grooten wrote:
>
> Yes, I'm not saying I can't see the case to be made for it. It's just
> that I imagine it goes against the whole secretive nature of the
> military.

The military are not as secretive as all that; besides, since most terms of popular FOSS licences apply to redistribution, there is no reason for "outsiders" to know you are using it, or to distribute changes to them unless they are already sharing software with them.

I suspect just like the rest of government, and most big organisations, the military unnecessarily duplicates a lot of software simply because they aren't good at recognising shared requirements across departments. I dare say for some bits secrecy makes that slightly worse, but probably not as much as you might think.

On the upside the military have clear chains of command and responsibility compared to much of government or industry, so it is relatively easy, say, for someone in the Royal Marines to find the appropriate person in the Paras if they feel they have a shared requirement and want to know how it was met by the other group. I dare say the same is true in America.

Now intelligence is probably a different kettle of fish, don't the US have something like 5 intelligence agencies, and I dare say communication is more difficult, especially as some of them are in quite different areas of intelligence. But again these agencies have formal protocols for exchange of information, so whilst it is probably slower than the military to exchange such information the channels are probably even more clearly defined, although it'll limit the informal exchange (I dare say they use secondment to exchange that sort of knowledge).

My experience is that the strict procedures over spending money in such organisations are a big incentive to use suitably qualified gratis solutions. Whilst the requirements on security-sensitive stuff to be tested, or shown to correctly use encryption protocols, prevent wider deployment of (probably) perfectly good free software solutions because they often don't have large organisations behind them paying for testing and certification.

http://dodcio.defense.gov/sites/oss/Open_Source_Software_%28OSS%29_FAQ.htm#Q:_Does_the_DoD_use_OSS_for_security_functions.3F

Q: Does the DoD use OSS for security functions?

Yes. The 2003 MITRE study, "Use of Free and Open Source Software (FOSS) in the U.S. Department of Defense", for analysis purposes, posed the hypothetical question of what would happen if OSS software were banned in the DoD, and found that OSS "plays a far more critical role in the DoD than has been generally recognized... (especially in) Infrastructure Support, Software Development, Security, and Research". In particular, it found that DoD security "depends on (OSS) applications and strategies", and that a hypothetic ban "would have immediate, broad, and in some cases strongly negative impacts on the ability of the DoD to analyze and protect its own networks against hostile intrusion. This is in part because such a ban would prevent DoD groups from using the same analysis and network intrusion applications that hostile groups could use to stage cyberattacks. It would also remove the uniquely (OSS) ability to change infrastructure source code rapidly in response to new modes of cyberattack".

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq