Open Source Software Compliance within the Government

reportActive / Technical Report | Accession Number: AD1027801 | Open PDF

Abstract:

Open Source Software OSS has become increasingly popular for software development, and subsequently, government usage has increased. This report outlines a process to manage the risks and complexity of OSS usage within the government. The first step in managing OSS licenses is to understand the requirements regarding compliance, distribution, sharing, attribution, compatibility, termination, copyright, and intellectual property. In order to maintain license compliance, a policy must be created and administered. This policy includes a process of OSS discovery, cataloging, evaluation, review, and approval. Specific guidance is also provided to aid with government acquisitions and contracts as well as information assurance and security compliance requirements. With proper understanding, process implementation, and policy maintenance, the government can effectively use OSS without compliance concerns.

Author(s):
Eckert, Lauren A.
Author Organization(s):
U.S. Army Engineer Research and Development Center, Information Technology Vicksburg United States
Descriptive Note:
Technical Report
Pagination:
0052

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:
Approved For Public Release
Distribution Statement:
Approved For Public Release;

RECORD

Collection: TR
Identifying Numbers
Report Number(s):
ERDC/ITL-SR-16-32
 Subject Terms
Joint Capability Areas:
JCA_5_Command and Control; JCA_5.3_Planning; JCA_5.3.2_Apply Situational Understanding; JCA_5.3.4_Develop Courses of Action; JCA_5.3.5_Analyze Courses of Action; JCA_5.3.3_Develop Strategy; JCA_5.5_Direct; JCA_5.5.1_Communicate Intent and Guidance; JCA_5.6.4_Assess Guidance; JCA_5.6_Monitor; JCA_6_Net Centric; JCA_1_Force Support; JCA_4.3_Maintain; JCA_1.2_Force Preparation; JCA_3.2_Engagement; JCA_3_Force Application; JCA_6.4.1_Secure Information Exchange; JCA_3.2.2_Non-Kinetic Means; JCA_6.4_Information Assurance; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent
Modernization Areas:
Cyber
Communities of Interest:
Cyber
Descriptor(s):
united states government, software development, GOVERNMENT PROCUREMENT, information systems, computer programming, vulnerability, test and evaluation, computer network security, contractors, acquisition, FEDERAL LAW
Field(s)/Group(s):
Computer Programming and Software, Sociology and Law
Keyword(s):
oss(Open source software), Open source software Law and legislation, government purchasing, license agreements, compliance costs
Report Date:
2016 Dec 01
Creation Date:
2017 Aug 28