washingtonpost.com
Open-Source Fight Flares At Pentagon
Microsoft Lobbies Hard Against Free Software
By Jonathan Krim
Washington Post Staff Writer
Thursday, May 23, 2002; Page E01
Microsoft Corp. is aggressively lobbying the Pentagon to squelch its
growing use of freely distributed computer software and switch to
proprietary
systems such as those sold by the software giant, according to
officials familiar with the campaign.
In what one military source called a "barrage" of contacts with
officials at the Defense Information Systems Agency and the office of
Defense
Secretary Donald H. Rumsfeld over the past few months, the company
said "open source" software threatens security and its intellectual
property.
But the effort may have backfired. A May 10 report prepared for the
Defense Department concluded that open source often results in more
secure, less
expensive applications and that, if anything, its use should be
expanded.
"Banning open source would have immediate, broad, and strongly
negative impacts on the ability of many sensitive and security-focused
DOD groups to
protect themselves against cyberattacks," said the report, by Mitre
Corp.
A Microsoft Corp. spokesman acknowledged discussions between the
company and the Pentagon but denied urging a ban on open-source
software. He also
said Microsoft did not focus on potential security flaws.
Spokesman Jon Murchinson said Microsoft has been talking about how to
allow open-source and proprietary software to coexist. "Our goal is to
resolve
difficult issues that are driving a wedge between the commercial and
free software models," he said.
John Stenbit, an assistant secretary of defense and the Defense
Department's chief information officer, said that Microsoft has said
using free
software with commercial software might violate companies'
intellectual-property rights. Stenbit said the issue is legally "murky."
The company also complained that the Pentagon is funding research on
making free software more secure, which in effect subsidizes Microsoft's
open-source competitors, Stenbit said.
Microsoft's push is a new front in a long-running company assault on
the open-source movement, which company officials have called "a cancer"
and
un-American.
Software is designated open source when its underlying computer code
is available for anyone to license, enhance or customize, often at no
cost. The
theory is that by putting source code in the public domain,
programmers worldwide can improve software by sharing one another's
work.
Vendors of the proprietary systems, such as Microsoft and Oracle
Corp., keep their source codes secret, control changes to programs and
collect all
licensing fees for their use.
Government agencies use a patchwork of systems and software, and
proprietary software is still the most widely used. But open source has
become more
popular with businesses and government.
The Mitre report said open-source software "plays a more critical
role in the DOD than has been generally recognized."
The report identified 249 uses of open-source systems and tools,
including running a Web portal for the Defense Intelligence Agency,
running network
security for the Army command in Europe and support for numerous Air
Force Computer Network Defense tools.
Among the most high-profile efforts is research funded by the
National Security Agency to develop a more secure version of the
open-source Linux
operating system, which competes with Microsoft's Windows.
The report said banning open-source software would drive up costs,
though it offered no specifics. Some government agencies have saved
significantly
by using open source.
At the Census Bureau, programmers used open-source software to launch
a Web site for obtaining federal statistics for $47,000, bureau
officials said.
It would have cost $358,000 if proprietary software were used, they
said.
Microsoft has argued that some free-licensing regimes are
antithetical to the government's stated policy that moneymaking
applications should develop
from government-funded research and that intellectual property should
be protected.
Microsoft also said open-source software is inherently less secure
because the code is available for the world to examine for flaws, making
it
possible for hackers or criminals to exploit them. Proprietary
software, the company argued, is more secure because of its closed
nature.
"I've never seen a systematic study that showed open source to be
more secure," said Dorothy Denning, a professor of computer science at
Georgetown
University who specializes in information warfare.
Others argue that the flexibility provided by open-source software is
essential, enabling users to respond quickly to flaws that are found.
"With open source, there is no need to wait for a large software firm
to decide if a set of changes is in its best interests," said Eugene
Spafford, a
computer-science professor at Purdue University who specializes in
security.
Jonathan Shapiro, who teaches computer science at Johns Hopkins
University, said: "There is data that when the customer can inspect the
code the
vendor is more responsive. . . . Microsoft is in a very weak position
to make this argument. Whose software is the largest, most consistent
source of
security flaws? It's Microsoft."
Stenbit said that the debate is academic and that what matters is how
secure a given piece of software is. To that end, the Defense Department
is now
prohibited from purchasing any software that has not undergone
security testing by the NSA. Stenbit said he is unaware of any
open-source software
that has been tested.
© 2002 The
Washington Post Company