CommunityNews

CommunityNews

DOD: Guidance on Software Development and Open Source Software (pdf)

MEMORANDUM FOR SENIOR PENTAGON LEADERSHIP COMMANDANT OF THE COAST GUARD

COMMANDERS OF THE COMBATANT COMMANDS DEFENSE AGENCY AND DOD FIELD ACTIVITY DIRECTORS

SUBJECT: Software Development and Open Source Software

Over the last two decades, open source software (OSS) has dramatically impacted how software is designed, developed, deployed, and operated. OSS is software for which the human­ readable source code is available for use, study, re-use, modification, enhancement, and re­ distribution by the users of such software. There are millions of publicly-available OSS components, libraries, and applications capable of accelerat;ng software modernization activities.

The Department’s 2018 Cyber Strategy (attached) directed the Department to increase the use of secure OSS and to use commercial off-the-shelf tools when possible. The Department’s forthcoming Software Modernization Strategy centers on the delivery of resilient software capability at the speed of relevance. OSS forms the bedrock of the software-defined world and is critical in delivering software faster. The Department must clearly articulate how, where, and when it participates, contributes, and interacts with the broader OSS community.

There are two fundamental concerns for the Department that are specific to OSS. First, using externally maintained code in critical systems potentially creates a path for adversaries to introduce malicious code into DoD systems. This concern requires a careful supply chain risk management (SCRM) approach for OSS, which must meet the same rigorous standards for SCRM and cyber threat testing as any other product. Second, imprudent sharing of code developed for DoD systems potentially benefits adversaries by disclosing key innovations. This risk is managed through a Modular, Open-Systems Approach (MOSA), which allows systems to benefit from OSS while protecting critical, innovative components as separate modules.

Pursuant to Federal Source Code Policy (reference (b)) and Public Law 115-91, Section 875 (reference (c)), Attachment 2 provides detailed guidance on the Department’s participation, contribution, and interaction with the broader OSS community. Additional guidance concerning OSS is available at Open Source Software FAQ. The point of contact for this effort is Dan Risacher.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

Popular General Dev topics Top

AstonJ
Apple co-founder Steve Wozniak is suing YouTube for allegedly allowing scammers to use images and videos of him to defraud people. The s...
New
First poster: mafinar
The following languages will help current and new web developers navigate the programming landscape to code web-based services and apps t...
New
First poster: HenryCost
I wired my tree with 500 LED lights and calculated their 3D coordinates… If you support me on Patreon at any point in December 2020 I wi...
New
First poster: andrea
What’s the real cost of interruptions? I illustrate all the context developers keep in their head and how it starts to decay immediately ...
New
First poster: AstonJ
In one sense, the Truth Mines were just another indexscape. Hundreds of thousands of specialized selections of the library’s contents wer...
New
First poster: AstonJ
:tada: Launching Fig I am excited to announce that, as of today, Fig is generally available to the public for download. With our public ...
New
First poster: bot
MEMORANDUM FOR SENIOR PENTAGON LEADERSHIP COMMANDANT OF THE COAST GUARD COMMANDERS OF THE COMBATANT COMMANDS DEFENSE AGENCY AND DOD FIEL...
New
First poster: joeb
The File System Access API with Origin Private File System. WebKit supports new API that makes it possible for web apps to create, open,...
New
First poster: bot
When Zig is safer and faster than Rust. There are endless debates online about Rust vs. Zig, this post explores a side of the argument I...
New
First poster: jkdiaz
Dark mode isn’t as good for your eyes as you believe. The shadowy display mode has leagues of fans claiming it helps reduce eye strain, ...
New

Other popular topics Top

DevotionGeo
I know that these benchmarks might not be the exact picture of real-world scenario, but still I expect a Rust web framework performing a ...
New
dasdom
No chair. I have a standing desk. This post was split into a dedicated thread from our thread about chairs :slight_smile:
New
New
dimitarvp
Small essay with thoughts on macOS vs. Linux: I know @Exadra37 is just waiting around the corner to scream at me “I TOLD YOU SO!!!” but I...
New
PragmaticBookshelf
“A Mystical Experience” Hero’s Journey with Paolo Perrotta @nusco Ever wonder how authoring books compares to writing articles?...
New
New
AstonJ
Was just curious to see if any were around, found this one: I got 51/100: Not sure if it was meant to buy I am sure at times the b...
New
Help
I am trying to crate a game for the Nintendo switch, I wanted to use Java as I am comfortable with that programming language. Can you use...
New
husaindevelop
Inside our android webview app, we are trying to paste the copied content from another app eg (notes) using navigator.clipboard.readtext ...
New
AstonJ
Curious what kind of results others are getting, I think actually prefer the 7B model to the 32B model, not only is it faster but the qua...
New