While preparing to attend the 4th Military Open Source Working Group meeting, it was refreshing and affirming to receive a notification for the event dress code:
Please remember that this is an open source software event and in honor of the glorious developers, casual attire is expected. In the event you come wearing a coat, a T-shirt will be provided to you at the door.
I knew this was a crowd I wanted to hangout with. And the execution of the event was even more interesting. I can hardly wait for the next meeting. Here are some highlights:
Addressing export control regulations
The U.S. Federal Government has strict export control regulations for items that could affect national security. Among them are a particular set for items that are or could be used to build weapons. These regulations apply to all institutions operating inside the country, from non-profits to private companies, and government agencies. Of course, they are more stringently applied to the Department of Defense.
Because open source software is an "export" by default once it is posted online, it is always a concern that the exposure of the code may be violating a regulation. Encryption is a common problem and companies like Mozilla have an Export Control Classification.
Export control is a daily issue for military open source software. So, it was great to hear that there are ongoing efforts to share information among government personel and their lawyers to gain a better understanding of open source software and how these regulations apply to it.
Cultural changes in government
Mixing the agile culture of open source with the disciplined culture of the U.S. military is understandably not always easy. The great advice of Deb Bryant on this issue was: "You change culture by working together on small projects." This resonated with me, given other experiences around the intersection of open source and government organizations. It is through seeing, living, and breathing open source software in small, low-stakes projects that we build appreciation and understanding across these two cultures.
Security through transparency
The Mil-OSS crowd was clearly over the widespread myth that one can be safer by keeping code secret, because in that way enemies won't be able to discover vulnerabilities. They understood that to be secure is instead to put their house in order and write high quality code, then perform tests for vulnerabilities. Basically, if you don't feel confident enough about the security of your code to post it in the open, then you probably should stop using it and go fix it.
Open source and predictive analytics
Supreme excellence consists in breaking the enemy's resistance without fighting.
Open source software in military operations is enabling the use of predictive analytics to address problems before they erupt into armed conflict—often a short window of 10 days. Which means developers must be in the field to understand the particular challenges and respond fast enough.
An insightful observation was made about the need to rebuild communities as the ultimate way to resolve conflict. After all, one of the reasons groups turn to fighting is the absence of an economic and social future, leading them to despair.
Additionally, the Department of Defense is often in situations where "one cannot fail" or there will be grave consequences, so they are choosing to build on top of open components that will integrate and can be reused for multiple purposes. In these critical cases, proprietary solutions "just don't work" because by their nature they are rigid, isolated, and hidden from the user.
Dave Wheeler spoke on how to ensure source code and data can be reused when involving contractors in government projects. In this way, our tax dollars are used more efficiently and provide the best return on investment for the public. Also, a new generation of program managers are being trained in our government to understand the inner workings of open source software. They hold the promise that the government will one day soon enjoy the same benefits from open source that private institutions do today.
To learn more, join the Mil-OSS group discussion.