Home' Army Acquisition Logistics and Technology Magazine : Army ALT January-March 2017 Contents MAGNIFYING OPEN SOURCE ADVANTAGES
domain name lookups, reassembled website requests or decoded
According to Tracy Braun, a computer scientist in the Network
Security Branch of ARL and the team lead for the Dshell project,
the ability to customize the tool and quickly share the changes
within its small community made it a good candidate for open
sourcing to the wider scientific community.
ARL released Dshell to GitHub, one of many websites that hosts
repositories for open source content, for two primary reasons.
First, Dshell is a useful tool for keeping networks safe. By sharing
it with the world, more security teams gain another specialized
tool to keep their networks secure. It improves ARL local secu-
rity by improving the security of the Internet as a whole. The
second is common to all open source software: to improve the
quality of the tool by increasing the number of skilled eyes look-
ing for bugs and potential improvements throughout the code.
GitHub was chosen for Dshell also because it allows members
to easily download software code and store edits they make, and
provides a mechanism to offer feedback to the original software
The Dshell team is aware of the risks of putting security-related
government code into the wild. However, the benefits, in many
cases, outweigh the risks. The Dshell team decided that provid-
ing the means for good actors to review the code and identify
any weaknesses exploitable by bad actors is of greater value than
attempting to keep it secure through obscurity.
Users can create copies of Dshell and do what they want with it.
ARL, in this case, or the host organization of any open source
release, has no control over the copies. This is a lot like sending
someone a favorite recipe. You cannot stand over his or her shoul-
der to make sure the recipe is followed to your exact specifications.
However, if savvy cooks make improvements to the recipe, they
can be passed to you the next time you meet, making your version
of the recipe better. The same is true with open source. If others in
the community make improvements to the code, they can easily
share them with the development team to incorporate into the
official version. And that is just what happened.
As of June 2016, users have created more than 11,000 copies
of the Dshell tool and have offered 62 suggested modifications.
The shared modifications, formally named “pull requests,” do
exactly what was hoped. Community members found and fixed
bugs that the Dshell team missed, and even added new features
that improve ARL’s ability to detect malicious actors. Addition-
ally, rolling the enhancements into the official version makes
it easier to share the software across organizations. Instead of
emailing files or sending CDs, collaborators can be pointed to
the GitHub page to download the latest updates.
OPEN SOURCE EXPANSION
Some agencies, like NASA, adopted open source early. In 2014,
NASA released more than 1,000 of its projects in one mass
distribution. Others—like the National Security Agency, the
National Guard and the Air Force Research Laboratory—joined
The most all-inclusive DOD guidance for open source soft-
ware came from the DOD CIO in 2009. The memorandum
addressed a popular misconception that open source software is
forbidden by the DOD Information A ssurance Policy.
Cem Karan, a computer engineer at ARL working to develop
ARL’s formal open source process, described the more realistic
hurdles for releasing Dshell and other ARL projects. “A s an
individual, open sourcing software means simply adding a user
name and an email address, and then uploading or downloading
software as I wish. Conversely, if I publish on behalf of ARL, I
MORE EYES, MORE UPDATES, STRONGER SOFTWARE
Sharing network security software on open source forums yields dual
benefits: Other security teams get a tool to keep their networks secure,
and the overall quality of the product is improved as others download,
debug and upgrade it. (Image by U.S. Army Acquisition Support Center)
90 Army AL&T Magazine
Links Archive Army ALT October-December 2016 Army ALT April-June 2017 Navigation Previous Page Next Page