1. Open Source Software (OSS or FLOSS), the U.S. Department of Defense (DoD), and NASA David A. Wheeler March 29, 2011 This presentation contains the views of the author and does not indicate endorsement by IDA, the U.S. government, or the U.S. Department of Defense. This is not legal advice; variations of specific facts can produce different results.

8. Comparing GOTS, COTS Proprietary, and COTS OSS OSS is not always the right answer... but it’s clear why it’s worth considering (both reusing OSS and creating new/modified OSS)

17. DFARS 252.227-7014 contract clause defaults (June 1995) Condition Can government release as OSS? Can con-tractor? Developed exclusively with government funds. Yes. The government has unlimited rights (essentially the same rights as a copyright holder). Per (b)(2)(ii), the 5-year period from mixed funding can be negotiated to a different length of time, and it starts “upon execution of the contract, subcontract, letter contract (or similar contractual instrument), contract modification, or option exercise that required development of the computer software.” Yes. Copyright is held by the contractor/supplier. Developed by mixed funding (government partly paid for its development) and (sub)contract execution/mod more than 5 years ago. Developed by mixed funding (government partly paid for its development) and (sub)contract execution/mod less than 5 years ago. No. The government does not have sufficient rights. Per (b)(2)(ii), the 5-year period from mixed funding can be negotiated to a different length of time; during this time the government only has “government purpose rights.” If software is developed exclusively at private expense, by default the government only has “restricted rights”; the government should be wary of dependencies on such components. The government can negotiate for greater rights per (b)(3) and (b)(4). Developed exclusively at private expense.

18. FAR 52.227-14 contract clause defaults, first produced in contract Condition Can government release as OSS? Can contractor? Government has not granted the contractor the right to assert copyright (default) Yes. The government normally has unlimited rights (essentially the same rights as a copyright holder) per (b)(1). In the FAR source code is software, and software is data, so source code is data. No . The contractor may request permission to assert copyright. Government has granted the contractor the right to assert copyright (e.g., via specific written permission or via clause alternate IV). No. The government does not have sufficient rights per (c)(1)(iii); it cannot distribute copies to the public. The government should be wary of granting a request to assert copyright, as it permanently loses many rights to data it paid to develop. Yes . The contractor may assert copyright.

25. Backup charts

41. Open Technology Development (OTD)

43. FLOSS License Slide: Determining License Compatibility Public Domain MIT/X11 BSD-new Apache 2.0 Permissive Weakly Protective Strongly Protective LGPLv2.1 LGPLv2.1+ LGPLv3 (+) MPL 1.1 GPLv2 GPLv2+ GPLv3 (+) Affero GPLv3 A -> B means A can be merged into B

44. Acronyms (1) ‏ BSD: Berkeley Software Distribution COTS: Commercial Off-the-Shelf (either proprietary or OSS) DFARS: Defense Federal Acquisition Regulation Supplement DISR: DoD Information Technology Standards and Profile Registry DoD: Department of Defense DoDD: DoD Directive DoDI: DoD Instruction EULA: End-User License Agreement FAR: Federal Acquisition Regulation FLOSS: Free-libre / Open Source Software FSF: Free Software Foundation (fsf.org) GNU: GNU’s not Unix GOTS: Government Off-The-Shelf (see COTS) GPL: GNU General Public License HP: Hewlett-Packard Corporation IPR: Intellectual Property Rights; use “Intellectual Rights” instead IT: Information Technology LGPL: GNU Lesser General Public License

45. Acronyms (2) ‏ MIT: Massachusetts Institute of Technology MPL: Mozilla Public License NDI: Non-developmental item (see COTS) OMB: Office of Management & Budget OSDL: Open Source Development Labs OSI: Open Source Initiative (opensource.org) OSJTF: Open Systems Joint Task Force OSS: Open Source Software PD: Public Domain PM: Program Manager RFP: Request for Proposal RH: Red Hat, Inc. ROI: Return on Investment STIG: Security Technical Implementation Guide TCO: Total Cost of Ownership U.S.: United States USC: U.S. Code V&V: Verification & Validation Trademarks belong to the trademark holder.