1. Army lawyers dismiss Apache license indemnification snafu
By David Perera
A clause in the Apache open source license does not in fact violate a government law known as the Antideficiency Act that prevents federal officials from binding agencies in a contractual obligation before Congress has appropriated money for it--at least in one specific case that was considered by Army lawyers earlier this year.
According to defense officials who spoke on condition of anonymity, lawyers at Army Materiel Command grew concerned after defense contractor Raytheon submitted for acceptance a solution that contains Apache code. Use of Apache web server software is exceedingly common inside and outside the military; according to a survey of 644.27 million websites by U.K.-based Internet services company Netcraft, Apache serves an estimated 57.45 percent of all active websites.
However, a routine lawyerly check of licensing agreements uncovered a clause in the Apache license stipulating that licensees could be required to indemnify contributors to Apache code--a condition that would be unacceptable under the Antideficiency Act, since it would create a possibly unlimited future liability were a lawsuit to arise.
But a closer examination of the clause revealed that the trigger for indemnifying Apache coders would be activated only should the licensee--Army Materiel Command in this case--itself extend indemnification to a third party.
Since the likelihood of any government agency agreeing to indemnify a software user is as close to zero as possible, Army lawyers dropped their concern, defense sources say. However, Army lawyers also appear leery of letting their conclusion become the basis for a military-wide conclusion on the irrelevance of indemnification clauses in open source licenses.
Most open source license experts tend to dismiss the indemnification clause as a non-issue for entities that don't themselves commercially transact software--such as the federal government.
For more:
- read the Apache license
Related Articles:
Ozone Widget Framework to transition to OSS
DISA revises software guideline clarifying open source rules
NASA looks to lower open source licensing barriers
Read more about: open source, Raytheon, Army, DoD
Could you please not strip off all original-source URLs when you forward
text from other web pages/newsletters?
Thanks.
From: FierceGovIT <edi...@fiercegovernmentit.com>
Date: March 8, 2012 2:52:16 PM EST
To: jms...@gmail.com
Subject: | 03.08.12 | Open source license terms provoke Antideficiency concerns
Reply-To: edi...@fiercegovernmentit.com
March 8, 2012
Today's Top Stories
2. Security concerns grow at NASA
3. ISPs: Cybersecurity can't be handled through regulation
4. White House unveils ethics.gov
5. DoD security manual addresses classification policies
Editor's Corner: Play Chinese hacker cliche bingo with taxpayer-funded report
Also Noted: FierceGovernmentIT
Obama administration officials simulate a cyber attack for lawmakers; Coast Guard seeks IT efficiencies in the cloud; and much more...
Play Chinese hacker cliche bingo with taxpayer-funded report
A March 7 report (.pdf) prepared by Northrop Grumman under contract for the U.S.-China Economic and Security Review Commission on "Chinese Capabilities for Computer Network Operations and Cyber Espionage" repeats so much of the current collective wisdom on Chinese state-sponsored hacking that it's like playing Chinese hacker-woe bingo.
It brings up the possibility of China attacking U.S. logistics operations should conflict break out with Taiwan in order to "delay U.S. entry or degrade capabilities."
It notes that the line between state-sponsored hacking and civilian information technology companies and universities is not clear. At least 50 universities benefit from state grant programs, the report says.
It also brings up the possibility of Chinese-made firmware or hardware parts infesting the U.S. military supply chain, allowing the People's Liberation Army to implant built-in Trojanized access to American networks.
Read more about: China, Northrop Grumman
Today's Top News
2. Security concerns grow at NASA
By Molly Bernhart Walker
The possibility that other nations are attempting to extract information through civil-space partnerships and hacking efforts has NASA on alert, said space agency Administrator Charles Bolden.
"Anyone who is not concerned about what's going on with our partners and non partners would be foolish. Everyone wants our technology," said Bolden during a March 7 House Science, Space and Technology Committee hearing.
Bolden's remarks follow a March 1 International Space Station meeting where General Director of the Russian Federal Space Agency Vladimir Popovkin and General Director of the European Space Agency Jean-Jacques Dordain reportedly said they would like China to join the five-member ISS partnership.
In a letter (.pdf) to Bolden dated March 5, Rep. Frank Wolf (R-Va.) wrote that Bolden "should make clear that the U.S. will not accept Chinese participation," adding that the "Chinese 'civilian' space program is directly run by the People's Liberation Army." Wolf also cited testimony from Defense Intelligence Agency chief Gen. Ron Burgess saying that China has conducted economic espionage and theft of dual use and military technology.
Bolden told the House committee that he and Wolf have discussed the issue privately. "I am continually informed by members of the intelligence community, I get briefs all the time...so I am aware of what's going on," said Bolden.
At a Senate hearing earlier in the day, Bolden said NASA is committed to improving its cybersecurity. Sen. Bill Nelson (D-Fla.) cited recent testimony from NASA's inspector general finding NASA suffered multiple malware incidents and intrusions in 2010 and 2011, resulting in the theft of sensitive information. Bolden added that NASA is working to prevent data breaches through better encryption and physical-security policies, but made little mention of resilience against hacking.
Related Articles:
Fiscal 2013 budget request: NASA
NASA networks unsecure, says IG
NASA looks for small satellite swarming technology
Q&A: NASA's Sean Herron and William Eshagh on code.nasa.gov
Read more about: NASA, China, International Space Station, DIA
3. ISPs: Cybersecurity can't be handled through regulation
Many of the tropes of the cybersecurity discussion in federal agencies and Congress came under challenge from a March 7 panel before the House Energy and Commerce subcommittee on communications and technology.
For example, cybersecurity legislation that would require firms to audit their cybersecurity posture annually would take "people away from the work to do paperwork," said Ed Amoroso, chief security officer for AT&T Services. Communications providers are already overwhelmed by compliance checklists, he added.
Government intervention isn't necessary to ensure good Internet service provider cybersecurity efforts, said David Mahon, chief security officer for CenturyLink (formerly Qwest). "We and our peers already have the strongest commercial incentives to protect our networks," he said. "There is neither a lack of will nor a lack of commitment."
"Market forces are better suited to respond to constantly changing cyber threats," echoed John Olsen, chief information officer of MetroPCS Communications.
ISPs themselves cannot reliably stop malware at the Internet layer, Amoroso said. "Every hacker knows to make sure they're pushing their malware through that encrypted tunnel, because none of us can see it," he said. "They hide malware in places we can't see."
Were ISPs to block the Internet protocol addresses of computers infected with botnet viruses, Amoroso also said, "we would just shut down the whole Internet if we did that." New botnets 100,000 computers strong crop up every day, he added.
The main cause of computer vulnerabilities today, Amoroso said, is badly written software. "Even professionals today cannot write a non-trivial piece of software that is bug free. And those bugs are the way that our adversaries get into our companies."
As a result of all of the above, "I don't think there's an agency right now that's in a good position to come in and solve a problem that we can't solve ourselves," Amoroso said.
"If it really was a case where you could write out these five things we should all be doing and for whatever reason--negligence, ignorance, whatever--we're not doing, then we really do need someone in government to shake us into action. The problem is that we don't know what it is you should be telling us what we should be doing," he added.
For more:
- go to the hearing webpage (prepared testimonies and webcast available)
Related Articles:
Private sector official condemns mandatory cybersecurity information sharing
McCain cybersecurity bill aims for legal frameworks, updates, not structural changes
DHS takes the lead in Senate cybersecurity bill
DHS authority would increase under Lungren cybersec bill - UPDATED
Read more about: cybersecurity legislation, AT&T, cybersecurity, botnets
4. White House unveils ethics.gov
By Molly Bernhart Walker
Federal officials launched March 8 a new federal website called ethics.gov, promising to provide records from seven different data sets in a searchable format.
The website pulls together data from White House visitor logs, Office of Government Ethics travel reports, Lobbying Disclosure Act data, Justice Department Foreign Agents Registration Act data, Federal Election Commission individual contribution reports, FEC candidate reports and FEC committee reports.
"Never before has this measure of government-verified data been available and so easily searchable in a centralized location," write administration officials in a March 8 WhiteHouse.gov blog post.
If the data sounds like something that would typically be housed on data.gov, that's because it is housed on data.gov. In fact, ethics.gov is a redirect link to data.ethics.gov--a micro site on data.gov.
While campaigning in 2008, the Obama-Biden ticket listed "ethics" as a core element of their agenda, promising to shine light on lobbying through the creation of a central database focused on exposing special interests. In a March 8 blog post, Sunlight Foundation Policy Director John Wonderlich said this development satisfies the spirit of his campaign promises.
While the site allows keyword and name searches, Wonderlich points out it does have limits. The White House blog noted that the site is a work in progress and future developments will rely largely on user feedback.
"Neither money and politics research nor executive branch oversight are going to be revolutionized by this search page -- at least not yet," wrote Wonderlich.
For more:
- visit "ethics.gov" (data.ethics.gov)
- see the Sunlight Foundation post
Related Articles:
Term 'open government' more murky than transparent, says paper
Open Government Partnership grows
Parting words: Chopra's tips for 'open innovation' success
Read more about: Sunlight Foundation, John Wonderlich, transparency, Office of Government Ethics
5. DoD security manual addresses classification policies
By Molly Bernhart Walker
A new information security mandate effective immediately brings the Defense Department into compliance with a December 2009 Executive Order on classified national security information. Defense Department Manual 52001.01, issued Feb. 25 and obtained by the Federation of American Scientists, replaces the 15-year-old Information Security Regulation 5200.1-R.
The Obama administration order laid out classification standards, levels and authorities, which are reinforced in the DoD regulation. But the manual includes additional guidance on data breaches and whistle blowers.
An 18-page section titled "Security Incidents Involving Classified Information" outlines the process for inquiring about a possible breach, reporting, investigating a breach and assessing the consequences of a breach. A section advising on classified information appearing in the media also lumps in public websites--possibly a nod to WikiLeaks--and appropriate processes for responding to inquiries related to leaked information. The appendix for this section provides a security incident reporting form.
Data breach prevention efforts are also emphasized in the manual. It instructs the assistant secretary of defense for networks and information integration to provide technical solutions that will prevent unauthorized accessing, handling and downloading of digital classified information. Who exactly is responsible for fulfilling this task, however, is a mystery. The DoD dissolved the ASD-NII position on Jan. 11.
The manual also indicates DoD may be encouraging the correction of improperly classified national security information.
"If holders of information have substantial reason to believe that the information is improperly or unnecessarily classified, they shall communicate that belief to their security manager or the [original classification authority] to bring about any necessary correction," instructs the manual.
The manual offers a whistle blower-like provision, saying that leadership "shall ensure" individuals are not punished for questioning or challenging a classification. Components are also required to internally audit their classification performance to ensure it complies with the rule.
For more:
- see the index to download each volume
- read the Secrecy News blog post
Related Articles:
DoD publishes manual for public to request declassification
NARA releases proposed rule on automatic declassification
Government classification system cost $11.42 billion last year
ISOO report says federal agencies are impediments to classification system reform
Read more about: Barack Obama, Classified Information, National Security Information, Defense Department
Also Noted
> Obama administration officials simulate a cyber attack for lawmakers. Article (The Hill)
> Coast Guard seeks IT efficiencies in the cloud. Article (FedNewsRadio)
> Navy builds a mechanized fireman. Article (Wired)
> New York City passes open-data law. Article (InfoWeek)
> Why isn't WordPress used more in government?
And Finally... 30-story hotel goes up in 2 weeks in China. Article and time-lapse video (LATimes)
©2012 FierceMarkets This email was sent to jms...@gmail.com as part of the FierceGovernmentIT email list which is administered by FierceMarkets, 1900 L Street NW, Suite 400, Washington, DC 20036, (202) 628-8778.
Editor: David Perera
I second that less is more in this case.
Charlie
--
You received this message because you are subscribed to the "Military Open Source Software" Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en
www.mil-oss.org
Not to beat this to death, but there are three different things:
1) Forwarding just the relevant excerpt, with no source URL
2) Forwarding the relevant excerpt, *with* the source URL
3) Forwarding the entire article (maybe with a source URL)
Lee's request was to do (2). Christopher's response seems to be
saying "Please no, I don't like (3), so do (1)".
Couldn't we all be happy with (2)? :-)
Actually, John's original post included a link, via an indirection URL
at "links.mkt1985.com". I'm not sure what that site is, but if you
clicked on the link John included, it would take you to the original
story:
It could be that Lee was objecting to the use of the indirection
intermediary, and was saying "I'd like to be able to see the original
source URL without having to click on the indirect link first", in which
case I agree, but it's not a big deal either way.
-Karl
Yes, please! It's not only the right thing to do (citing sources and
all that), it's the useful thing to do (synopsis with the option of
further details).
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
I should note that I was *really* glad to see this particular article. This article is important, and I'm glad John Scott pointed it out.
--- David A. Wheeler
> 1) Forwarding just the relevant excerpt, with no source URL
> 2) Forwarding the relevant excerpt, *with* the source URL
> 3) Forwarding the entire article (maybe with a source URL)
>
> Lee's request was to to do (2). Christopher's response seems to be
> saying "Please no, I don't like (3), so do (1)".
>
> Couldn't we all be happy with (2)? :-)
Given the post included a URL to the article, I inferred the request for "all" URLs was to forward the entire article. I'm certainly happy with just the excerpts with the source link(s), i.e., how John Scott has always sent them. My response was to keep things how they are, not strip URLs a la (1).
Cheers!
Sean
Huh? If so, I'm sorry. The message I saw[1] included no URL to the
original web page. Just the copied text from a web page or HTML newsletter.
Maybe you were reading HTML/RTF/rich email text? I'm only reading the ASCII
message.
So, since original forwarding had no URL, but did include author and
title, I could go search for the author and hope to find the original
source. But all I was hoping for was a URL back to the original source,
which I didn't see.
Yes, shorter is better, a summary is nice. This particular forwarding of
HTML could have removed the "Related articles" and "read more" links
that didn't exist.
Thanks to John for forwarding this and other articles, this is helpful!
I'm trying to use this OSS/mil gov sector data to help with the
OSS/educational gov sector[0], so if it's obvious which
blog/magazine site this was from, it wasn't to me, apologies.
[0]
http://linuxfestnorthwest.org/session/help-us-get-open-source-used-local-schools
[1] Here's the msg that I saw, no URL in it:
-------- Original Message --------
Subject: [mil-oss] Fwd: | 03.08.12 | Open source license terms provoke
Antideficiency concerns
Date: Thu, 8 Mar 2012 14:59:30 -0500
From: John Scott III <jms...@gmail.com>
Reply-To: mil...@googlegroups.com
To: mil...@googlegroups.com
Begin forwarded message:
> 1. Army lawyers dismiss Apache license indemnification snafu
> By David Perera Comment | Forward | Twitter | Facebook | LinkedIn