Defense, NSA move on 'open source' software development

The National Security Agency and Defense Department are continuing to promote government use of software like Linux whose source code is freely available to the public, representatives of the departments said at a Monday conference on such "open source" software.

Peter Loscocco, a senior research scientist at NSA, said that in spite of complaints from proprietary software vendors, the agency is continuing to improve its Security Enhanced Linux (SE Linux), a variant of the popular Linux operating system software that deploys an advanced security architecture.

"We are preparing to submit SE Linux [for inclusion in] the Linux kernel," or the core element of the evolving operating system that is available for free, Loscocco said at an event sponsored by the Center of Open Source and Government at George Washington University. "That will make it possible for [SE Linux] to run with an out-of-the-box Linux system."

NSA began the project because of its frustrations with computer-security weaknesses in the late 1990s. Rebuffed by proprietary software vendors skeptical of investing large amounts in extra-secure systems without a proven marketplace demand, agency computer scientists studied Linux, modified it and released it to the public in January 2001.

That flexibility and reusability is possible because Linux is offered under general public license (GPL), a software contract that permits endless recopying and modification. Some observers believe that the license has lent a competitive edge to Linux, which has emerged as the foremost competitor to the dominant Microsoft Windows operating system.

Red Hat Linux, another version of the software, received a Defense Department certification Feb. 10, said Fritz Schultz, an official with the Defense Information Systems Agency. The system was one of at least six certified for widespread Defense use, he said.

Schultz said Defense's policy toward open-source software is best summarized as, "Let's compete, as long as [open source and propriety systems] are on an equal footing." Rather than articulating a preference for or against open source, he said the department would "use the best software for the job."

Microsoft has been instrumental in organizing companies to form the Initiative for Software Choice, which seeks to forestall government use of software offered under the GPL. Microsoft objected to the NSA's SE Linux on the grounds that the GPL undermines commercial use of government investment and because it represents competition from the government.

In his remarks, Loscocco said he was glad that NSA had rebuffed such criticism. "We spent a lot of time educating our managers, who accepted a lot of the flak that has come back to NSA about SE Linux," he said. Loscocco was critical of "some of the problems that other people want to impose on us, to make sure we are not working on a product that is competing."

Speaking about the possible inclusion of SE Linux in conventional Linux packages, Loscocco said it "is very good news for us. Linux will then have a leg up on security that other operating systems just don't have."