OOo in DoD
Posted: Wed Apr 30, 2008 7:54 pm
A few months ago I began working with DoD to get OOo approved (networthiness cert) for use. It could have been a windfall for many in DoD who could have used it features, alas it's not to be. Despite all DoD's talk of wanting to integrate Open Source Software there is just too much red-tape in the way. Here is the reason I got from NETCOM:
"
Sorry but the risk associated with the OpenOffice products can not be accepted. It has no warranty and would create an unacceptable risk to the network. See information below for more detail.
2.4 Open Source / Freeware DoD has clarified policy on the use of open source software to take advantage of the capabilities available in the Open Source community as long as certain prerequisites are met. DoD no longer requires that operating system software be obtained through a valid vendor channel and have a formal support path, if the source code for the operating system is publicly available for review.
DoD CIO Memo, “Open Source Software (OSS) in Department of Defense (DoD), 28 May 2003”:
“DOD Components acquiring, using or developing OSS must ensure that the OSS complies with the same DOD policies that govern Commercial off the Shelf (COTS) and Government off the Shelf (GOTS) software. This includes, but is not limited to, the requirements that all information assurance (IA) or IA-enabled IT hardware, firmware and software components or products incorporated into DOD information systems whether acquired of originated within DOD:
Comply with the evaluation and validation requirements of National Security Telecommunications and Information Systems Security Policy Number 11 and be configured in accordance with DOD-approved security and configuration guidelines at http://iase.disa.mil/ and http://www.nas.gov/.”
Open source software takes several forms:
1. A utility that has publicly available source code is acceptable.
2. A commercial product that incorporates open source software is acceptable because the commercial vendor provides a warranty.
3. Vendor supported open source software is acceptable.
4. A utility that comes compiled and has no warranty is not acceptable.
The DoDD 8500.1 says “Public domain software products, and other software products with limited or no warranty, such as those commonly known as freeware or shareware, shall only be used in DoD information systems to meet compelling operational requirements. Such products shall be thoroughly assessed for risk and accepted for use by the responsible DAA
Further research on the openoffice Web site shows the following lack of warranty-
If you go to the open office site http://why.openoffice.org/
Look at the bottom of the page. It says bound by these Policies and Terms of Use. If you click on it you are brought to the following web site:
http://www.sunsource.net/TUPPCP.html
Terms of Use.
3. ACCESS TO THE SITE AND THINGS YOU FIND HERE. This section refers to the Materials found on the Site, as defined above.
b. Use at Your Own Risk. You understand that the Hosts do not pre-screen Materials, and You agree to assume all risks in Using them. These risks include, but are not limited to, errors, viruses, worms, time-limited software that expires without notice , and the possibility that the Materials infringe or misappropriate the intellectual property rights of others. You agree to assume all such risks.
5. MISCELLANEOUS.
a. Disclaimer of Warranties. YOUR USE OF THE SITE IS AT YOUR SOLE RISK. THE SITE, INCLUDING ALL MATERIALS FOUND ON IT, IS PROVIDED ON AN "AS IS," "AS AVAILABLE" AND "WITH ALL FAULTS" BASIS. THE HOSTS DISCLAIM ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES OF ANY KIND, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. THE HOSTS MAKE NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR GUARANTEES AS TO THE USEFULNESS QUALITY, SUITABILITY, TRUTH, ACCURACY OR COMPLETENESS OF THE SITE. YOU AGREE TO ASSUME ALL RISK OF LOSS OR LIABILITY FOR THE USE OF THIS SITE OR ANY MATERIALS ON IT.
b. Limitation of Liability. TO THE FULLEST EXTENT PERMITTED BY LAW, THE HOSTS ARE NOT LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES (INCLUDING, WITHOUT LIMITATION, LOSS OF BUSINESS, REVENUE, PROFITS, GOODWILL, USE, DATA, ELECTRONICALLY TRANSMITTED ORDERS, OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OF OR IN CONNECTION WITH THE SITE OR MATERIALS, EVEN IF THE HOSTS HAVE PREVIOUSLY BEEN ADVISED OF, OR REASONABLY COULD HAVE FORESEEN, THE POSSIBILITY OF SUCH DAMAGES, HOWEVER THEY ARISE, WHETHER IN BREACH OF CONTRACT OR IN TORT (INCLUDING NEGLIGENCE). TO THE EXTENT THAT ANY JURISDICTION DOES NOT ALLOW THE EXCLUSION OR LIMITATION OF DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, PORTIONS OF THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY.
"
"
Sorry but the risk associated with the OpenOffice products can not be accepted. It has no warranty and would create an unacceptable risk to the network. See information below for more detail.
2.4 Open Source / Freeware DoD has clarified policy on the use of open source software to take advantage of the capabilities available in the Open Source community as long as certain prerequisites are met. DoD no longer requires that operating system software be obtained through a valid vendor channel and have a formal support path, if the source code for the operating system is publicly available for review.
DoD CIO Memo, “Open Source Software (OSS) in Department of Defense (DoD), 28 May 2003”:
“DOD Components acquiring, using or developing OSS must ensure that the OSS complies with the same DOD policies that govern Commercial off the Shelf (COTS) and Government off the Shelf (GOTS) software. This includes, but is not limited to, the requirements that all information assurance (IA) or IA-enabled IT hardware, firmware and software components or products incorporated into DOD information systems whether acquired of originated within DOD:
Comply with the evaluation and validation requirements of National Security Telecommunications and Information Systems Security Policy Number 11 and be configured in accordance with DOD-approved security and configuration guidelines at http://iase.disa.mil/ and http://www.nas.gov/.”
Open source software takes several forms:
1. A utility that has publicly available source code is acceptable.
2. A commercial product that incorporates open source software is acceptable because the commercial vendor provides a warranty.
3. Vendor supported open source software is acceptable.
4. A utility that comes compiled and has no warranty is not acceptable.
The DoDD 8500.1 says “Public domain software products, and other software products with limited or no warranty, such as those commonly known as freeware or shareware, shall only be used in DoD information systems to meet compelling operational requirements. Such products shall be thoroughly assessed for risk and accepted for use by the responsible DAA
Further research on the openoffice Web site shows the following lack of warranty-
If you go to the open office site http://why.openoffice.org/
Look at the bottom of the page. It says bound by these Policies and Terms of Use. If you click on it you are brought to the following web site:
http://www.sunsource.net/TUPPCP.html
Terms of Use.
3. ACCESS TO THE SITE AND THINGS YOU FIND HERE. This section refers to the Materials found on the Site, as defined above.
b. Use at Your Own Risk. You understand that the Hosts do not pre-screen Materials, and You agree to assume all risks in Using them. These risks include, but are not limited to, errors, viruses, worms, time-limited software that expires without notice , and the possibility that the Materials infringe or misappropriate the intellectual property rights of others. You agree to assume all such risks.
5. MISCELLANEOUS.
a. Disclaimer of Warranties. YOUR USE OF THE SITE IS AT YOUR SOLE RISK. THE SITE, INCLUDING ALL MATERIALS FOUND ON IT, IS PROVIDED ON AN "AS IS," "AS AVAILABLE" AND "WITH ALL FAULTS" BASIS. THE HOSTS DISCLAIM ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES OF ANY KIND, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. THE HOSTS MAKE NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR GUARANTEES AS TO THE USEFULNESS QUALITY, SUITABILITY, TRUTH, ACCURACY OR COMPLETENESS OF THE SITE. YOU AGREE TO ASSUME ALL RISK OF LOSS OR LIABILITY FOR THE USE OF THIS SITE OR ANY MATERIALS ON IT.
b. Limitation of Liability. TO THE FULLEST EXTENT PERMITTED BY LAW, THE HOSTS ARE NOT LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES (INCLUDING, WITHOUT LIMITATION, LOSS OF BUSINESS, REVENUE, PROFITS, GOODWILL, USE, DATA, ELECTRONICALLY TRANSMITTED ORDERS, OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OF OR IN CONNECTION WITH THE SITE OR MATERIALS, EVEN IF THE HOSTS HAVE PREVIOUSLY BEEN ADVISED OF, OR REASONABLY COULD HAVE FORESEEN, THE POSSIBILITY OF SUCH DAMAGES, HOWEVER THEY ARISE, WHETHER IN BREACH OF CONTRACT OR IN TORT (INCLUDING NEGLIGENCE). TO THE EXTENT THAT ANY JURISDICTION DOES NOT ALLOW THE EXCLUSION OR LIMITATION OF DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, PORTIONS OF THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY.
"