air force approved software list 2021 air force approved software list 2021

But in practice, publicly-released OSS nearly always meets the various government definitions for commercial computer software and thus is nearly always considered commercial software. Contractors for other federal agencies may have a different process to use, but after going through a process they can often release such software as open source software. As with all commercial items, the DoD must comply with the items license when using the item. GOTS is especially appropriate when the software must not be released to the public (e.g., it is classified) or when licenses forbid more extensive sharing (e.g., the government only has government-purpose rights to the software). Choose a license that is recognized as an Open Source Software license by the Open Source Initiative (OSI), a Free Software license by the Free Software Foundation (FSF), and is acceptable to widely-used Linux distributions (such as being a good license for Fedora). ), the . No, DoD policy does not require you to have commercial support for OSS, but you must have some plan for support. Flight Inspection. Video conferencing platforms Zoom and Microsoft Teams are both FedRamp approved, but while Zoom offers end-to-end encryption, Microsoft Teams does not, according to the National Security Agency . The program available to the public may improve over time, through contributions not paid for by the U.S. government. When taking this approach, contractors hired to modify the software must not retain copyright or other rights to the result (else the software would be conveyed outside the U.S. government); see GPL version 3 section 2, paragraph 2 which states this explicitly. As of 2021, the terms freeware and shareware, do not appear to have official definitions used by the United States Government, but historically (for example in the now-superseded DoD Instruction 8500.2) these terms have been used specifically for software distributed without cost where the Government does not have access to the original source code. For almost as long as smartphones have existed, defense IT leaders have wondered aloud whether they'd ever be able to securely implement a bring-your-own-device (BYOD) approach to military networks. As an aid, the Open Source Initiative (OSI) maintains a list of Licenses that are popular and widely used or with strong communities. Intellipedia is implemented using MediaWiki, the open source software developed to implement Wikipedia. DoDIN APL is managed by the APCO | disa.meade.ie.list.approved-products-certification-office@mail.mil. In this case, the government has the unenviable choice of (1) spending possibly large sums to switch to the new project (which would typically have a radically different interface and goals), or (2) continuing to use the government-unique custom solution, which typically becomes obsolete and leaves the U.S. systems far less capable that others (including those of U.S. adversaries). Commander offers insight during Black History celebration at Oklahoma Capitol. At project start, the project creators (who create the initial trusted repository) are the trusted developers, and they determine who else may become a trusted developer of this initial trusted repository. The Customs and Border Protection (CBP) has said, in an advisory ruling, that the country of origin of software is the place where the software is converted into object code (Software comes from the place where its converted into object code, says CBP, FierceGovernmentIT), for purposes of granting waivers of certain Buy American restrictions in U.S. law or practice or products offered for sale to the U.S. Government.. Many projects, particularly the large number of projects managed by the Free Software Foundation (FSF), ask for an employers disclaimer from the contributors employer in a number of circumstances. The DoD has not expressed a position on whether or not software should be patented, but it is interested in ensuring that software that effectively supports its missions can be developed in a cost-effective, timely, and legal manner. OSS projects typically seek financial gain in the form of improvements. Cyberspace Capabilities Center Re-designation Ceremony Nov 7, 1300. Application Mixing GPL can rely on other software to provide it with services, provided either that those services are either generic (e.g., operating system services) or have been explicitly exempted by the GPL software designer as non-GPL components. There are substantial benefits, including economic benefits, to the creation and distribution of copyrighted works under public licenses that range far beyond traditional license royalties The choice to exact consideration in the form of compliance with the open source requirements of disclosure and explanation of changes, rather than as a dollar-denominated fee, is entitled to no less legal recognition. Even when the original source is necessary for in-depth analysis, making source code available to the public significantly aids defenders and not just attackers. when it implements novel functionality which is not already available to the public, and which significantly improves DoD mission outcomes or business processes. These licenses include the MIT license, revised BSD license (and its 2-clause variant), the Apache 2.0 license, the GNU Lesser General Public License (LGPL) versions 2.1 or 3, and the GNU General Public License (GPL) versions 2 or 3. By dominate, that means that when software is merged which have those pairs of licenses, the dominating license essentially governs the resulting combination because the dominating license essentially includes all the key terms of the other license. If the government has received copyright (e.g., because the FAR 52.227-17 or DFARS 252.227-7020 clauses apply) then the government can release the software as open source software. Example: GPL software can be stored on the same computer disk as (most kinds of) proprietary software. Contracts under the federal government FAR, but not the DFARS, often use clause FAR 52.227-14 (Rights in Data - General). FROM: Air Force Authorizing Official . Established Oct. 1, 2013, the Defense Health Agency is the centerpiece of Military Health System governance reform, as outlined in the Deputy Secretary of Defense's March 11, 2013 Memorandum "Implementation of Military Health System Governance Reform." The DHA's role is to achieve greater integration of our direct and purchased health care delivery systems so that we accomplish the . However, if the goal is to encourage longevity and cost savings through a commonly-maintained library or application, protective licenses may have some advantages, because they encourage developers to contribute their improvements back into a single common project. Control enhancement CM-7(8) states that an organization must prohibit the use of binary or machine-executable code from sources with limited or no warranty or without the provision of source code. Many software developers find software patents difficult to understand, making it difficult for them to determine if a given patent even applies to a given program. Is it COTS? Also, US citizens can attempt to embed malicious code into software, and many non-US citizens develop software without embedding malicious code. Department of the Air Force updates policies, procedures to recruit for the future. 40 CFR, Section 252.227-7014 Rights in Noncommercial Computer Software and Noncommercial Computer Software Documentation defines Commercial computer software as software developed or regularly used for non-governmental purposes which: (i) Has been sold, leased, or licensed to the public; (ii) Has been offered for sale, lease, or license to the public; (iii) Has not been offered, sold, leased, or licensed to the public but will be available for commercial sale, lease, or license in time to satisfy the delivery requirements of this contract; or (iv) Satisfies a criterion expressed in paragraph (a)(1)(i), (ii), or (iii) of this clause and would require only minor modification to meet the requirements of this contract.. Q: What are the major types of open source software licenses? Any software not listed on the Approved Software List is prohibited. Using a standard license simplifies collaboration and eliminates many legal analysis costs. In Wallace vs. FSF, Judge Daniel Tinder stated that the GPL encourages, rather than discourages, free competition and the distribution of computer operating systems and found no anti-trust issues with the GPL. If the intent of a contract is to develop software to be released as open source software, it is best to expressly include release as OSS as part of the contract. Q: What policies address the use of open source software (OSS) in the Department of Defense? By August 1941, American president Franklin Roosevelt and British prime minister Winston Churchill had drafted the Atlantic Charter to define goals for the post-war world. These decisions largely held that the GNU General Public License, version 2 was enforceable in a series of five related legal cases loosely referred to as Versata v. Ameriprise, although there were related suits against Versata by XimpleWare. Clarifying Guidance Regarding Open Source Software (OSS), a list of licenses which have successfully gone through the approval process and comply with the Open Source Definition, publishes a list of licenses that meet the Free Software Definition, good licenses that Fedora has determined are open source software licenses, Federal Source Code Policy, OMB Memo 16-21, National Defense Authorization Act for FY2018, http://www.doncio.navy.mil/contentview.aspx?id=312, http://www.dtic.mil/dtic/tr/fulltext/u2/a450769.pdf, http://www.whitehouse.gov/omb/memoranda/fy04/m04-16.html, http://www.army.mil/usapa/epubs/pdf/r25_2.pdf, Defense Federal Acquisition Regulation Supplement (DFARS), 40 CFR, Section 252.227-7014 Rights in Noncommercial Computer Software and Noncommercial Computer Software Documentation, European Interoperability Framework (EIF), Bruce Perens Open Standards: Principles and Practice, U.S. Court of Appeals for the Federal Circuits 2008 ruling on Jacobsen v. Katzer, The Free-Libre / Open Source Software (FLOSS) License Slide, GPL linking exception term (such as the Classpath exception), Maintaining Permissive-Licensed Files in a GPL-Licensed Project: Guidelines for Developers (Software Freedom Law Center), Creative Commons does not recommend that you use one of their licenses for software, GPL FAQ, Can I use the GPL for something other than software?, GPL FAQ, Who has the power to enforce the GPL?, 2003 MITRE study, Use of Free and Open Source Software (FOSS) in the U.S. Department of Defense, Secure Programming for Linux and Unix HOWTO, in 2003 the Linux kernel development process resisted an attack, Software comes from the place where its converted into object code, says CBP, FierceGovernmentIT, Gartner Groups Mark Driver stated in November 2010, Estimating the Total Development Cost of a Linux Distribution, Open Source Software for Imagery & Mapping (OSSIM), Open Source Alternatives (Ben Balter et al.). DSEI 2021, ExCel, LONDON, UK - 14 September 2021 - Curtiss-Wright's Defense Solutions division (Bays 22-26 ExCeL Exhibition Centre), a trusted supplier of tactical data link (TDL) software and hardware solutions engineered to succeed, announced that it has received certification from . The more potential users, the more potential developers. The NSA/CSS Evaluated Products Lists equipment that meets NSA specifications. Do not use spaces when performing a product number/title search (e.g. Lawmakers also approved the divestment of 13 . You can support OSS either through a commercial organization, or you can self-support OSS; in either case, you can use community support as an aid. Developers/reviewers need security knowledge. Where it is important, examining the security posture of the supplier (the OSS project) and scanning/testing/evaluating the software may also be wise. There are other ways to reduce the risk of software patent infringement (in the U.S.) as well: Yes, both entirely new programs and improvements of existing OSS have been developed using U.S. government funds. This can create an avalanche-like virtuous cycle. These prevent the software component (often a software library) from becoming proprietary, yet permit it to be part of a larger proprietary program. Similarly, in Wallace v. IBM, Red Hat, and Novell, the U.S. Court of Appeals for the Seventh Circuit found in November 2006 that the GNU General Public License (GPL) and open-source software have nothing to fear from the antitrust laws. Even if source code is necessary (e.g., for source code analyzers), adequate source code can often be regenerated by disassemblers and decompilers sufficiently to search for vulnerabilities. DoD Directive 5000.1 states that open systems shall be employed, where feasible, and the European Commission identifies open standards as a major policy thrust. Most commercial software (including OSS) is not designed for such purposes. Around the Air Force: Accelerating the Legacy, Expanding Cyber Resiliency, Poppy Seed Warning. Q: Can the government release software under an open source license if it was developed by contractors under government contract? Software/hardware for which the implementation, proofs of its properties, and all required tools are released under an OSS license are termed open proofs(see the open proofs website for more information). Even where there is GOTS/classified software, such software is typically only a portion of the entire system, with other components implemented through COTS components. In particular, will it be directly linked with proprietary or classified code? Marines - (703) 432-1134, DSN 378. Export control laws are often not specifically noted in OSS licenses, but nevertheless these laws also govern when and how software may be released. It can be argued that classified software can be arbitrarily combined with GPL code, beyond the approaches described above. These formats may, but need not, be the same. Yes, extensively. Classified information may not be released to the public without special authorization to do so. As always, if there are questions, consult your attorney to discuss your specific situation. Q: Is there a name for software whose source code is publicly available, but does not meet the definition of open source software? is a survey paper that provides quantitative data that, in many cases, using open source software / free software (abbreviated as OSS/FS, FLOSS, or FOSS) is a reasonable or even superior approach to using their proprietary competition according to various measures.. (its) goal is to show that you should consider using OSS/FS when acquiring software. Note, however, that this may be negotiated; if the government agrees to only receive lesser rights (such as government-purpose rights or restricted rights) then the government does not have the rights necessary to release that software as open source software. DEPARTMENT OF THE AIR FORCE HEADQUARTERS AIR FORCE SPACE COMMAND . Air Force - (618)-229-6976, DSN 779. Also, since there are a limited number of users, there is limited opportunity to gain from user innovation - which again can lead to obsolescence. This includes the most popular OSS license, the, Weakly Protective (aka weak copyleft): These licenses are a compromise between permissive and strongly protective licenses. Adobe Acrobat Reader software is copyrighted software which gives users instant access to documents in their original form, independent of computer platform. A GPLed engine program can be controlled by classified data that it reads without issue. The 1997 InfoWorld Best Technical Support award was won by the Linux User Community. Open source software licenses grant more rights than proprietary software licenses, but they are still conditional licenses that require the user to obey certain terms. Note that this also applies to proprietary software, which often have even stricter limits on if/how the software may be changed. The following externally-developed evaluation processes or tips may be of use: Migrating from an existing system to an OSS approach requires addressing the same issues that any migration involves. It may be found at, US Army Regulation 25-2, paragraph 4-6.h, provides guidance on software security controls that specifically addresses open source software. If the contract includes the typical FAR 52.227-14 (Rights in data - general) clause, without any special alternatives or additions, then the contractor must make a written request for permission to assert copyright in works containing data first produced under the contract. When including externally-developed software in a larger system (e.g., as a library), make it clearly separable from the other components and easy to update. There are many other reasons to believe nearly all OSS is commercial software: This is confirmed by Clarifying Guidance Regarding Open Source Software (OSS) (2009) and the Department of the Navy Open Source Software Guidance (signed June 5, 2007). This is not uncommon. I agree to abide by software copyrights and to comply with the terms of all licenses. OpenSSL - SSL/cryptographic library implementation, GNAT - Ada compiler suite (technically this is part of gcc), perl, Python, PHP, Ruby - Scripting languages, Samba - Windows - Unix/Linux interoperability. Q: Is this related to open source intelligence? Air Force football finishes signing class with 28 three-star recruits, most in Mountain West. Classified software should already be marked as such, of course. In many cases, weakly protective licenses are used for common libraries, while strongly protective licenses are used for applications. As with all commercial items, organizations must obey the terms of the commercial license, negotiate a different license if necessary, or not use the commercial item. Home use of the antivirus products will not only protect personal PCs, but will also potentially lessen the threat of malicious logic being introduced to the workplace and compromising DoD networks. Community OSS support is never enough by itself to provide this support, because the OSS community cannot patch your servers or workstations for you. However, software written entirely by federal government employees as part of their official duties can be released as public domain software. If some portion of the software is protected by copyright, then the combined software work can be released under a copyright license. Q: Where can I release open source software that are new projects to the public? In most cases, yes. Around the Air Force: Accelerating the Legacy, Expanding Cyber Resiliency, Poppy Seed Warning. A service mark is "a word, phrase, symbol or design, or a combination thereof, that identifies and distinguishes the source of a service rather than goods. Cisco takes a deep dive into the latest technologies to get it done. As described in FAR 27.404-3(a)(2), a contracting officer should grant such a request only when [that] will enhance appropriate dissemination or use but release as open source software would typically qualify as a justification for enhanced dissemination and use. The release of the software may be restricted by the International Traffic in Arms Regulation or Export Administration Regulation. Choose a license that has passed legal reviews and is clearly accepted as an OSS license. While this argument may be valid, we know of no court decision or legal opinion confirming this. Q: What are Open Government Off-the-Shelf (OGOTS) or Government OSS (GOSS)? This is not a contradiction; its quite common for different organizations to have different rights to the same software. The CBP ruling points out that 19 U.S.C. First, get approval to publicly release the software. The good news is that, by definition, OSS provides its source code, enabling a more informed evaluation than is typically available for other kinds of COTS products. Q: Is the GPL compatible with Government Unlimited Rights contracts, or does the requirement to display the license, etc, violate Government Unlimited Rights contracts? The Linux kernel project requires that a person proposing a change add a Signed-off-by tag, attesting that the patch, to the best of his or her knowledge, can legally be merged into the mainline and distributed under the terms of (the license)..