• Home
  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Related Websites
  • Services
    • Free Technical Inquiry
    • CAT Program
    • Subject Matter Experts
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
    • Cyber COI
  • About
    • About the CSIAC
    • The CSIAC Team
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • Inquiries & CAT’s
    • FAQ’s
    • DTIC STI Program
  • Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer
Login / Register

CSIAC

Cyber Security and Information Systems Information Analysis Center

  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Websites
  • Services
    • Free Technical Inquiry
    • CAT Program
    • Subject Matter Experts
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
    • Cyber COI
  • About
    • About the CSIAC
    • The CSIAC Team
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • Inquiries & CAT’s
    • FAQ’s
    • DTIC STI Program
  • Cybersecurity
  • Modeling & Simulation
  • Knowledge Management
  • Software Engineering
  • Cyber COI
/ Journal Issues / DoD and Open Source Software / Publicly Releasing Open Source Software Developed for the U.S. Government

Publicly Releasing Open Source Software Developed for the U.S. Government

Published in Software Tech News
Volume: 14 Number: 1 - DoD and Open Source Software

Author: Dr. David A. Wheeler
Posted: 03/11/2016 | Leave a Comment

Final notes

If the government and relevant contractors intend to release software as OSS, it’s best if that is explicitly stated ahead of time.  For example, OSS could be identified as the planned software maintenance philosophy per DFARS 227.7203-2(b)(1).  However, since many contracts do not discuss releasing software as OSS, it’s important to understand the default rules for commonly-encountered cases.

If software is released to the public as OSS and it becomes “customarily used by the general public or by nongovernmental entities for purposes other than governmental purposes,” then that software becomes commercial software.  This is by both law (41 USC §403) and regulation (e.g., DFARS 252.227-7014(a)(1)).  It does not matter if the software was originally developed with government funds, or not.  Thus, releasing software as OSS can be a commercialization approach.

The U.S. government and its contractors have released many programs as OSS.  I hope that this material helps you understand how you can release software as OSS in a manner consistent with laws, regulations, and contracts.

The publication of this paper does not indicate endorsement by the Department of Defense or IDA, nor should the contents be construed as reflecting the official positions of those organizations.


  1. This is, in summarized form, the Free Software Definition (http://www.gnu.org/philosophy/free-sw.html) from the Free Software Foundation.  A similar definition is in the DoD’s “Clarifying Guidance Regarding Open Source Software (OSS)” ).  A more detailed definition of OSS is the Open Source Definition (http://www.opensource.org/osd.html) from the Open Source Initiative.
  2. To release under an OSS license you must have the copyright-related rights (listed in 17 USC §106) to reproduce the work, to prepare derivative works, to distribute copies, and to permit others to perform those actions.
  3. The Council on Governmental Relations (CAGR)’s “Technical Data and Computer Software: A Guide to Rights and Responsibilities Under Federal Contracts, Grants and Cooperative Agreements” states that “This unlimited license enables the government to act on its own behalf and to authorize others to do the same things that it can do, thus giving the government essentially the same rights as the copyright owner.”
  4. CENDI’s “Frequently Asked Questions about Copyright and Computer Software” at http://cendi.gov/publications/09-1FAQ_OpenSourceSoftware_FINAL_110109.pdf  question 4.3 says: “an agency may distribute software created by a vendor to all users under an open source licensing scheme if it acquired sufficient rights from the vendor to do so in the software. For example, an “unlimited rights license” acquired under a DFARS procurement-type contract…”  Similarly, the “DoD Open Source Software (OSS) FAQ” says that once the government has unlimited rights, it can “use those rights to release that software under a variety of conditions (including an open source software license), because it has the use and modify the software at will, and has the right to authorize others to do so.”
  5. The government can probably take other measures against someone who does not comply with the license, though.  For example, the government may be able to sue for breach of license.  Also, an infringer may lose any ability to enforce rights over the resulting work in U.S. court due to the doctrine of unclean hands.
  6. Ashton B. Carter, “Memorandum to Acquisition Professionals Subject: Better Buying Power: Mandate for Restoring Affordability and Productivity in Defense Spending” on Defense Spending 28 Jun 2010.pdf –  His first point on providing incentives is to “Avoid directed buys and other substitutes for real competition. Use technical data packages and open systems architectures to support a continuous competitive environment.”
  7. GAO GAO-06-839 “WEAPONS ACQUISITION: DOD Should Strengthen Policies for Assessing Technical Data Needs to Support Weapon Systems” (July 2006) http://www.gao.gov/new.items/d06839.pdf reported that “The lack of technical data rights has limited the services’ flexibility to make changes to sustainment plans that are aimed at achieving cost savings and meeting legislative requirements regarding depot maintenance capabilities… Unless DOD assesses and secures its rights for the use of technical data early in the weapon system acquisition process when it has the greatest leverage to negotiate, DOD may face later challenges in sustaining weapon systems over their life cycle.”
  8. See, for example, “Fire support’s dependence on contractors,” Sgt Timothy Caucutt, https://www.mca-marines.org/gazette/2010/08/paying-pirates
  9. This U.S. law does not cover software, but the DoD also applies this to software per DFARS 227.7203-1(c) and (d).
  10. George O. Winborne, Jr., “Who’s Killing the Goose?” American Bar Association Section of Public Contract Law Program Intellectual Property in Government Contracts—What You Didn‘t Learn in Kindergarten, November 11-12, 2010, Seaport Hotel, Boston, Massachusetts.  https://acc.dau.mil/adl/en-US/401584/file/54029/Winborne_ABAPCL_paper_Wh… _Release.pdf
Pages: Page 1 Page 2 Page 3

Previous Article:
« Application Specific Abstractions: A Research
Next Article:
Open Source Software Is Commercial »

Author

Dr. David A. Wheeler
Dr. David A. Wheeler
My professional interests are in improving software development practices for higher-risk software systems (i.e., ones which must be secure, large, and/or safety-critical). My specialties include writing secure programs, vulnerability assessment, open standards, open source software / free software (OSS/FS), Internet/web standards and technologies, and POSIX.

Reader Interactions

Leave a Comment Cancel

You must be logged in to post a comment.

sidebar

Blog Sidebar

Featured Content

The DoD Cybersecurity Policy Chart

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

CSIAC Journal - Launching Innovation Through Medical Modeling and Simulation Technologies

CSIAC Journal Cover Volume 5 Number 4

This Special Edition of the Journal will provide a glimpse into current efforts to improve military medical training with simulation-based solutions.

Read the Journal

CSIAC Journal - Innovation Based Ecosystems

CSIAC Journal Cover Volume 5 Number 4

This issue of the Journal of Cyber Security & Information Systems explores how managing fast adoption modern-based system has more to do with understanding capabilities, interdependency between systems and effectively operating in the new paradigm than it has to do with differentiating product features.

Read the Journal

Recent Video Podcasts

  • What is DevOps? from a tools point of view Series: CSIAC Webinars
  • 5th Generation (5G) Technology Series: The CSIAC Podcast
  • Malvertising Explored Series: The CSIAC Podcast
  • Cybersecurity Arms Race – Modernizing the Arsenal Series: CSIAC Webinars
  • Cyber Situational Awareness Series: The CSIAC Podcast
View all Podcasts

Upcoming Events

Thu 28

BSides Columbus 2019

February 28 - March 1
Columbus OH
United States
Organizer: BSides Columbus
Mar 19

1st NATO – Industry Workshop on Autonomous Cyber Defence

March 19 @ 09:30 - 16:00 EDT
Cranfield Bedfordshire MK43 0AL
United Kingdom
Organizer: Cranfield University
View all Events

Recently Active Members

Profile picture of tyler1018
Profile picture of aludd24
Profile picture of dominarmarc
Profile picture of eviscosi
Profile picture of bbarksdale
Profile picture of cfasolo22
Profile picture of bmazzie14
Profile picture of rileysperati
Profile picture of Asprague09a
Profile picture of kradzewicz
Profile picture of CSIACAdmin
Profile picture of kreinerj
Profile picture of Mathieu Schram
Profile picture of clyon30
Profile picture of rseng26
Profile picture of MSPOLLEN
Profile picture of Garrett
Profile picture of Diogo

Footer

CSIAC Products & Services

  • Free Technical Inquiry
  • Core Analysis Tasks (CATs)
  • Resources
  • Events Calendar
  • Frequently Asked Questions
  • Product Feedback Form

About CSIAC

The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More

Contact Us

Phone:800-214-7921
Email:info@csiac.org
Address:   266 Genesee St.
Utica, NY 13502
Send us a Message
ASD(R&E) LogoUS Department of Defense LogoDoD IACs LogoDTIC LogoTEMS Logo

Copyright 2018, Quanterion Solutions Incorporated

Sitemap | Privacy Policy | Terms of Use | Accessibility Information

This website uses cookies to provide our services and to improve your experience. By using this site, you consent to the use of our cookies. To read more about the use of our site, please click "Read More". Otherwise, click "Dismiss" to hide this notice. Dismiss Read More