In TAO https://tarxiv.org/tao Volume 2003 https://tarxiv.org/tao.2003 Issue 01 https://tarxiv.org/tao.2003‑01
Abstract
This report documents the results of a study by The MITRE Corporation on the use of free and open-source software (FOSS) in the U.S. Department of Defense (DoD). FOSS gives users the right to run, copy, distribute, study, change, and improve the software as they see fit, without asking permission or making fiscal payments to any external group or person. The study showed that FOSS provides substantial benefits to DoD security, infrastructure support, software development, and research. Given the openness of its source code, the finding that FOSS profoundly benefits security was both counterintuitive and instructive. Banning FOSS in DoD would remove access to exceptionally well-verified infrastructure components such as OpenBSD and robust network and software analysis tools needed to detect and respond to cyberattacks. In addition, losing hands-on access to FOSS source code would reduce DoD’s ability to respond rapidly to cyberattacks. In short, banning FOSS would have immediate, broad, and strongly negative impacts on the DoD’s ability to defend the U.S. against cyberattacks. For infrastructure support, the deep historical ties between FOSS and the emergence of the Internet mean that removing FOSS applications would have a strongly negative impact on the DoD’s ability to support web and Internet-based applications. Software development would be hit especially hard because many leading-edge and broadly used tools are FOSS. Finally, the loss of access to low-cost data processing tools and the inability to share results in the more potent form of executable FOSS software would seriously and negatively impact nearly all forms of scientific and data-driven research.