This can be a cause of confusion, because without any markings, a recipient is often unaware that the government has unlimited rights to it, and if the government does not know it has certain rights, it becomes difficult for the government to exercise its rights. Coronavirus (COVID-19) Update Information. U.S. courts have determined that the GPL does not violate anti-trust laws. For local guidance, Airmen are encouraged to . OSS implementations can help create and keep open standards open. Q: Can government employees contribute code to open source software projects? The world's number-one enterprise cloud gives the DoD the power to capture, analyze, and retrieve important information quickly . Q: What are synonyms for open source software? The Air Force thinks it's finally found a way. This enables cost-sharing between users, as with proprietary development models. These cases were eventually settled by the parties, but not before certain claims regarding the GPLv2 were decided. Where it is important, examining the security posture of the supplier (e.g., their processes that reduce risk) and scanning/testing/evaluating the software may also be wise. The lack of money changing hands in open source licensing should not be presumed to mean that there is no economic consideration, however. 2019 Approved Software Developers and Transmitters (PDF 51.18 KB) Updated April 15, 2020. No, complying with OSS licenses is much easier than proprietary licenses if you only use the software in the same way that proprietary software is normally used. Thus, open systems require standards that are widely-supported and consensus-based; standards that meet these (and possibly some additional conditions) may be termed open standards. Is it COTS? The 88th Air Base Wing is the host organization for Wright-Patterson Air Force Base. Q: Is there a risk of malicious code becoming embedded into OSS? 
The Apache 2.0 license is compatible with the GPL version 3 license, but not the GPL version 2 license. 37 African nations, US kickoff AACS 2023 in Senegal. You will need a Common Access Card (CAC) with DoD Certificates to access DoD Cyber Exchange NIPR. Very Important Notes: The Public version of DoD Cyber Exchange has limited content. Software licenses, including those for open source software, are typically based on copyright law. At the subsequent meeting of the Inter-Allied Council . Proprietary COTS is especially appropriate when there is an existing proprietary COTS product that meets the need. In many cases, weakly protective licenses are used for common libraries, while strongly protective licenses are used for applications. DFARS 252.227-7014(a)(15) defines unlimited rights as rights to use, modify, reproduce, release, perform, display, or disclose computer software or computer software documentation in whole or in part, in any manner and for any purpose whatsoever, and to have or authorize others to do so. These services must be genuinely generic in the sense that the applications that use them must not depend on the detailed design of the GPL software to work. Q: What is the legal basis of OSS licenses? (See also Publicly Releasing Open Source Software Developed for the U.S. Government by Dr. David A. Wheeler, DoD Software Tech News, February 2011.). In 2017, the United States District Court for the Northern District of California, in Artifex Software, Inc. v. Hancom, Inc., issued a ruling confirming the enforceability of the GNU General Public License. An alternative is to not include the OSS component in the deliverable, but simply depend on it, as long as that is acceptable to the government. If a government employee enhances or modifies a (copyrighted) open source software program, the resulting work is a joint work (see 17 USC 101) which is partially copyrighted and partially public domain. 
A copyright holder who releases creative works under one of the Creative Commons licenses that permit commercial use and modifications would be using an OSS-like approach for such works. Many development tools covered by the GPL include libraries and runtimes that are not covered by the GPL itself but the GPL with a runtime exception (e.g., the CLASSPATH exception) that specifically permits development of proprietary software. If it is a modification of an existing project, or a plug-in to it, release it under the project's original license (and possibly other licenses). (The MIT license is similar to public domain release, but with some legal protection from lawsuits.). Q: How should I create an open source software project? Support for OSS is often sold separately; in such cases, you must comply with the support terms for those uses to receive support, but these are typically the same kinds of terms that apply to proprietary software (and they tend to be simpler in practice). Software might not infringe on a patent when it was released, yet the same software may later infringe on a patent if the patent was granted after the software's release. Avenir MJ8 Editions of HeatCAD and LoopCAD. This regulation only applies to the US Army, but may be a useful reference for others. (See also GPL FAQ, Question Can the US Government release a program under the GNU GPL?). Of them, 40 Airmen voluntarily left the service and 14 officers retired, according to Undersecretary of the Air Force Gina Ortiz Jones at a House Armed Services Committee hearing Feb. 28. how to ensure the interoperability of systems; how to build systems that are manageable. The 2003 MITRE study, Use of Free and Open Source Software (FOSS) in the U.S. Department of Defense, did suggest developing a Generally Recognized As Safe (GRAS) list, but such a list has not been developed. Choose a widely-used existing license; do not create a new license. 
Q: What are indicators that a specific OSS program will have fewer unintentional vulnerabilities? So if the program is being used and not modified (a very common case), this additional term has no impact. Q: How does open source software work with open systems/open standards? Thus, GPLed compilers can compile classified programs (since the compilers treat the classified program as data), and a GPLed implementation of a virtual machine (VM) can execute classified software (since the VM implementation runs the software as data). This is not merely theoretical; in 2003 the Linux kernel development process resisted an attack. No, DoD policy does not require you to have commercial support for OSS, but you must have some plan for support. This includes the most popular OSS license, the, Weakly Protective (aka weak copyleft): These licenses are a compromise between permissive and strongly protective licenses. This is often done when the deliverable is a software application; instead of including commercially-available components such as the operating system or database system as part of the deliverable, the deliverable could simply state what it requires. However, using a support vendor is not the only approach or the best approach in all cases; system/program managers and DAAs must look at the specific situation to make a determination. Many programs and DAAs do choose to use commercial support, and in many cases that is the best approach. Q: When a DoD contractor is developing a new system/software as a deliverable in a typical DoD contract, is it possible to include existing open source software? Examples include: If you know of others who have similar needs, ask them for leads. The usual federal non-DoD clause (FAR 52.227-14) also permits this by default as long as the government has not granted the contractor the right to assert copyright. No. 
BSD TCP/IP suite - Provided the basis of the Internet, Greatly increased costs, due to the effort of self-maintaining its own version, Inability to use improvements (including security patches and innovations) by others, where it uses a non-standard version instead of the version being actively maintained, Greatly increased cost, due to having to bear the, Inability to use improvements (including security patches and innovations) by others, since they do not have the opportunity to aid in its development, Obsolescence due to the development and release of a competing commercial (e.g., OSS) project. Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134-1706 USA. However, this cost-sharing is done in a rather different way than in proprietary development. Adobe Acrobat Reader software is copyrighted software which gives users instant access to documents in their original form, independent of computer platform. The DoDIN APL is an acquisition decision support tool for DoD organizations interested in procuring equipment to add to the DISN to support their mission. The Defense Information Systems Agency maintains the DOD Information Network (DODIN) Approved Products List (APL) process, as outlined in DOD Instruction 8100.04 on behalf of the Department of Defense. Yes, its possible. SUBJECT: Software Applications Approval Process . https://www.disa.mil/network-services/ucco, The DoD Cyber Exchange is sponsored by ), the . Thus, public domain software provides recipients all of the rights that open source software must provide. 
Widespread availability and use of the software (which increases the likelihood of detection), Configuration management systems that record the identity of individual contributors (which acts as a deterrent), Licenses or development policies that warn against the unlawful inclusion of material, or require people to specifically assert that they are acting lawfully (which reduce the risk of unintentional infringement), Lack of evidence of infringement (e.g., an Internet search for project name + copyright infringement turns up nothing). On approval, such containers are granted a "Certificate to Field" designation by the Air Force Chief Software Officer. Lock-in tends to raise costs substantially, reduces long-term value (including functionality, innovation, and reliability), and can become a serious security problem (since the supplier has little incentive to provide a secure product and to quickly fix problems found later). Others can obtain permission to use a copyrighted work by obtaining a license from the copyright holder. If the project is likely to become large, or must perform filtering for public release, it may be better to establish its own website. Each government program must determine its needs, and then evaluate its options for meeting those needs. The red book explains its purpose; since an agency cannot directly obligate in excess or advance of its appropriations, it should not be able to accomplish the same thing indirectly by accepting ostensibly voluntary services and then presenting Congress with the bill, in the hope that Congress will recognize a moral obligation to pay for the benefits conferred. This is not a contradiction; it's quite common for different organizations to have different rights to the same software. Most of the Air Force runs on Excel VBA because of this. Q: Is it more difficult to comply with OSS licenses than proprietary licenses? In addition, ignoring OSS would not be lawful; U.S. 
law specifically requires consideration of commercial software (including extant OSS, regardless of exactly which license it uses), and specifically instructs departments to pass this requirement to consider commercial items down to contractors and their suppliers at all tiers. Vendor lock-in, aka lock-in, is the situation in which customers are dependent on a single supplier for some product (i.e., a good or service), or products, and cannot move to another vendor without substantial costs and/or inconvenience. After all, most proprietary software licenses explicitly forbid modifying (or even reverse-engineering) the program, so the GPL actually provides additional rights not present in most proprietary software. Q: In what form should I release open source software? This has never been true, and explaining this takes little time. Under the default DFARS and FAR rules and processes, the contractor often keeps and exercises the rights of a copyright holder, which enables them to release that software as open source software (as long as other laws and regulations are met). DoD contractors who always ignore components because they are OSS, or because they have a particular OSS license they don't prefer, risk losing projects to more competitive bidders. An OSS implementation can be read and modified by anyone; such implementations can quickly become a working reference model (a sample implementation or an executable specification) that demonstrates what the specification means (clarifying the specification) and demonstrating how to actually implement it. OSS licenses and projects clearly approve of commercial support. Thus, in many cases a choice of venue clause is not an insurmountable barrier to acceptance of the software delivery by the government. Anyone who is considering this approach should obtain a determination from general counsel first (and please let the FAQ authors know!). OSS projects typically seek financial gain in the form of improvements. 
Examples include GPL applications running on proprietary operating systems or wrappers, and GPL applications that use proprietary components explicitly marked as non-GPL. Establish project website. The certification affirms that the Air Force OTI is authorized to use ASTi's products, which now appear in the OTI Evaluated/Approved Products List (OTI E/APL). Even for many modifications (e.g., bug fixes) this causes no issues because in many cases the DoD has no interest in keeping those changes confidential. By some definitions this is technically not an open source license, because no license is needed, but such public domain software can be legally used, modified, and combined with other software without restriction. The Defense Innovation Unit (DIU) is a . As noted above, in software, Open Source refers to software for which the human-readable source code is available for use, study, re-use, modification, enhancement, and re-distribution by the users of such software. Widely-used programs include the Apache web server, Firefox web browser, Linux kernel, and many other programs. Choose a GPL-compatible license. Q: Does the DoD use OSS for security functions? The DSOP is a joint effort of the DOD's Chief Information Officer, Office of the Undersecretary of Defense for Acquisition and Sustainment. The FAR and DFARS do not currently mandate any specific marking for software where the government has unlimited rights. In practice, OSS projects tend to be remarkably clean of such issues. If using acronyms and abbreviations, only utilize those identified on the approved Air Force Acronym and Abbreviation List, unless noted by an approved category. However, note that the advantages of cost-sharing only apply if there are many users; if no user/co-developer community is built up, then it can be as costly as GOTS. It points to various studies related to market share, reliability, performance, scalability, security, and total cost of ownership. 
OpenSSL - SSL/cryptographic library implementation, GNAT - Ada compiler suite (technically this is part of gcc), perl, Python, PHP, Ruby - Scripting languages, Samba - Windows - Unix/Linux interoperability. Q: What are the major types of open source software licenses? Many software developers find software patents difficult to understand, making it difficult for them to determine if a given patent even applies to a given program. Software developed by US federal government employees (including military personnel) as part of their official duties is not subject to copyright protection in the US (see 17 USC 105). GOTS software should not be released when it implements a strategic innovation, i.e. Certification Report Security Target. These decisions largely held that the GNU General Public License, version 2 was enforceable in a series of five related legal cases loosely referred to as Versata v. Ameriprise, although there were related suits against Versata by XimpleWare. Notepad, PowerShell, and Excel are great alternatives. The terms that apply to usage and redistribution tend to be trivially easy to meet (e.g., you must not remove the license or author credits when re-distributing the software). The 1997 InfoWorld Best Technical Support award was won by the Linux User Community. See the licenses listed in the FAQ question What are the major types of open source software licenses?. AFCENT/A1RR will publish approved local supplements to the Air Force Reporting A trademark is a word, phrase, symbol or design, or a combination thereof, that identifies and distinguishes the source of the goods of one party from those of others.. Such software does not normally undergo widespread public review, indeed, the source code is typically not provided to the public and there are often license clauses that attempt to inhibit review further (e.g., forbidding reverse engineering and/or forbidding the public disclosure of analysis results). 
Many projects, particularly the large number of projects managed by the Free Software Foundation (FSF), ask for an employer's disclaimer from the contributor's employer in a number of circumstances. OSS licenses can be grouped into three main categories: Permissive, strongly protective, and weakly protective. 2019 Approved Software Developers of Paper 2D Forms (PDF 47.33 KB) Final as of April 2, 2020. The list of products, referred to as "Blue sUAS," comes from 5 different manufacturers: Skydio, Parrot, Altavian, Teal Drones, and Vantage Robotics. What's more, proprietary software release practices make it more difficult to be confident that the software does not include malicious code. Proprietary COTS tend to be lower cost than GOTS, since the cost of development and maintenance is typically shared among a larger number of users (who typically pay to receive licenses to use the product). The DoDIN APL is managed by the Approved Products Certification Office (APCO). In effect, the malicious developer could lose many or all rights over their license-violating result, even rights they would normally have had! Resources for further information include: In brief, the MIT and 2-clause BSD license are dominated by the 3-clause BSD license, which are all dominated by the LGPL licenses, which are all dominated by the GPL licenses.