Yesterday I spoke at MIL-OSS at the Georgia Tech Research Institute (thanks to the audience and the organizers) and talked about our technology and open source strategy, but the highlight of the day for me was when my former colleague David Wheeler explained Jim Stogdill’s phrase “code is maneuver” and its implications for open source: because the effectiveness of militaries will be increasingly dependent on their software, the ability to modify, patch, and improve that software (and of course to secure the systems and networks running that software) will be increasingly decisive in conflicts.
When open source gets pitched to the Hill and AT&L, a strong case can be made for it on national security grounds: government purpose rights mean less in practice than they do in theory, and Uncle Sam should have the four freedoms for (e.g.) the F-22 avionics code, and not just for webservers. (More generally, anyone who pays for custom code should either press for these freedoms or get a deep discount.) It’s important here to note that open source does not need to mean “released to the public”: it’s really not that hard to license even highly classified code under an open-source license and still deal with classification and ITAR restrictions appropriately.
There will be a lot of inertia against this. Procurement and management execs care more about how much money they control than almost anything else, and the easiest way to spend a lot of money (as someone commented during a panel session) is to write the same software over and over again. But it’s important to note that open source software generally creates wealth and markets for the public, even if it adversely affects the bottom line of pure-proprietary software companies. Their business models are not an excuse to needlessly duplicate time, money, and effort on projects, and certainly not to artificially impede the performance of our military and government.
Security concerns seem to dominate the open-source debate, more so than cost effectiveness/agility IMO. Unfortunately it won’t be resolved soon (obscurity vs handing over your code to your enemies), if ever.
It’s not necessary to hand over the code to anyone. Open source just means that anyone you hand a binary to should also get the source code. And code can be dual-licensed so that allies only get binaries.