air force approved software list 2021

It's likely that peptides are in fact banned from the military, but until we get a straight answer we'll leave this question open-ended. Similarly, delaying a components OSS release too long may doom it, if another OSS component is released first. Q: Is the GPL compatible with Government Unlimited Rights contracts, or does the requirement to display the license, etc, violate Government Unlimited Rights contracts? Most of the Air Force runs on excel VBA because of this. (Supports Block Load, Room-by-Room Load, Zone-by-Zone and Adequate Exposure Diversity or AED Calculations) Wrightsoft Right-J8. In addition, a third party who breaches a software license (including for OSS) granted by the government risks losing rights they would normally have due to the doctrine of unclean hands. Others do not like the term GOSS, because GOSS is not actually OSS, and they believe the term can be misleading. DAF COVID-19 Statistics - January 2022. Some more military-specific OSS programs created-by or used in the military include: One approach is to use a general-purpose search engine (such as Google) and type in your key functional requirements. The purpose of Department of Defense Information Network Approved Products List (DODIN APL) is to maintain a single consolidated list of products that have completed Interoperability (IO) and Cybersecurity certification. BSD TCP/IP suite - Provided the basis of the Internet, Greatly increased costs, due to the effort of self-maintaining its own version, Inability to use improvements (including security patches and innovations) by others, where it uses a non-standard version instead of the version being actively maintained, Greatly increased cost, due to having to bear the, Inability to use improvements (including security patches and innovations) by others, since they do not have the opportunity to aid in its development, Obsolescence due to the development and release of a competing commercial (e.g., OSS) project. This memorandum only applies to Navy and Marine Corps commands, but may be a useful reference for others. The GPL version 2 and the GPL version 3 are in principle incompatible with each other, but in practice, most released OSS states that it is GPL version 2 or later or GPL version 3 or later; in these cases, version 3 is a common license and thus such software is compatible. The Air Force thinks it's finally found a way. The doctrine of unclean hands, per law.com, is a legal doctrine which is a defense to a complaint, which states that a party who is asking for a judgment cannot have the help of the court if he/she has done anything unethical in relation to the subject of the lawsuit. The more potential users, the more potential developers. Choose a license that best meets your goals. The DoD Antivirus Software License Agreement with McAfee allows active DoD employees to utilize the antivirus software for home use. In some cases, it may be wise to release software under multiple licenses (e.g., LGPL version 2.1 and version 3, GPL version 2 and 3), so that users can then pick which license they will use. Yes; Why Open Source Software / Free Software (OSS/FS, FLOSS, or FOSS)? GOTS software should not be released when it implements a strategic innovation, i.e. Software that meets very high reliability/security requirements, aka high assurance software, must be specially designed to meet such requirements. An OTD project might be OSS, but it also might not be (it might be OGOTS/GOSS instead). Many DoD capabilities are accessible via web browsers using open standards such as TCP/IP, HTTP, and HTML; in such cases, it is relatively easy to use or switch to open source software implementations (since the platforms used to implement the client or server become less relevant). (The MIT license is similar to public domain release, but with some legal protection from lawsuits.). Consider anticipated uses. REFERENCES: (a) AFI 33-210, "Air Force Certification and Accreditation (C . In contrast, typical proprietary software costs are per-seat, not per-improvement or service. Not under typical open source software licenses based on copyright, but there is an alternative with the same practical effect. Clarifying Guidance Regarding Open Source Software (OSS) states that "Software items, including code fixes and enhancements, developed for the Government should be released to the public (such as under an open source license) when all of the following conditions are met: The government or contractor must determine the answer to these questions: Source: Publicly Releasing Open Source Software Developed for the U.S. Government. There are many definitions for the term open standard. Requiring that all developers be cleared first can reduce certain risks (at substantial costs), where necessary, but even then there is no guarantee. You must release it without any copyright protection (e.g., as not subject to copyright protection in the United States) if you release it at all and if it was developed wholly by US government employee(s) as part of their official duties. There are valid business reasons, unrelated to security, that may lead a commercial company selling proprietary software to choose to hide source code (e.g., to reduce the risk of copyright infringement or the revelation of trade secrets). Such developers need not be cleared, for example. Q: Is there a risk of malicious code becoming embedded into OSS? The GNU General Public License (GPL) is the most common OSS license; while you do not need to use the GPL, it is often unwise to choose a license incompatible with the majority of OSS. Similarly, SourceForge/Apache (in 2001) and Debian (in 2003) countered external attacks. Q: What are indicators that a specific OSS program will have fewer unintentional vulnerabilities? Air Force - (618)-229-6976, DSN 779. It may be found at, US Army Regulation 25-2, paragraph 4-6.h, provides guidance on software security controls that specifically addresses open source software. 2518(4)(B) says that, An article is a product of a country or instrumentality only if (i) it is wholly the growth, product, or manufacture of that country or instrumentality, or (ii) in the case of an article which consists in whole or in part of materials from another country or instrumentality, it has been substantially transformed into a new and different article of commerce with a name, character, or use distinct from that of the article or articles from which it was so transformed. The CBP also pointed out a ruling (Data General v. United States, 4 CIT 182 (1982)), that programming a PROM performed a substantial transformation. It is far better to fix vulnerabilities before deployment - are such efforts occuring? It is usually far better to stick to licenses that have already gone through legal review and are widely used in the commercial world. In many cases, yes, but this depends on the specific contract and circumstances. OGOTS/GOSS software is often not OSS; software is only OSS if it meets the definition of OSS. The world's number-one enterprise cloud gives the DoD the power to capture, analyze, and retrieve important information quickly . Cyberspace Capabilities Center Home For almost as long as smartphones have existed, defense IT leaders have wondered aloud whether they'd ever be able to securely implement a bring-your-own-device (BYOD) approach to military networks. If it must work with other components, or is anticipated to work with other components, ensure that the license will permit those anticipated uses. If you are looking for an application that has wide use, one of the various lists of open source alternatives may help. Air Force, U.S. Navy, and U.S. Marine Corps, and to participating agencies in-volved with supportability analysis sum-maries and provisioning/item selection functions by, or for, Department of Defense weapons systems, equipment, publications, software and hardware, training, training devices, and support equipment. The DoD has not expressed a position on whether or not software should be patented, but it is interested in ensuring that software that effectively supports its missions can be developed in a cost-effective, timely, and legal manner. It depends on the goals for the project, however, here are some guidelines: Public domain where required by law. Army - (703) 602-7420, DSN 332. These cases were eventually settled by the parties, but not before certain claims regarding the GPLv2 were decided. (US Air Force/Airman 1st Class Jacob T. Stephens) . However, if youre going to rely on the OSS community, you must make sure that the OSS community for that product is active, and that you have suitably qualified staff to implement the upgrades/enhancements developed by the community. This makes the expectations clear to all parties, which may be especially important as personnel change. Thus, even this FAQ was developed using open source software. More recent decisions, such as the 1982 decision B-204326 by the U.S. Comptroller General, continue to confirm this distinction between gratuitous and voluntary service. 1.1.3. The DSOP is joint effort of the DOD's Chief Information Officer, Office of the Undersecretary of Defense for Acquisition and Sustainment. Such mixing can sometimes only occur when certain kinds of separation are maintained - and thus this can become a design issue. One way to deal with potential export control issues is to make this request in the same way as approving public release of other data/documentation. Many projects, particularly the large number of projects managed by the Free Software Foundation (FSF), ask for an employers disclaimer from the contributors employer in a number of circumstances. In short, the ADAs limitation on voluntary services does not broadly forbid the government from working with organizations and people who identify themselves as volunteers, including those who develop OSS. All executables that is not on a base approval list will soon be blocked. Many development tools covered by the GPL include libraries and runtimes that are not covered by the GPL itself but the GPL with a runtime exception (e.g., the CLASSPATH exception) that specifically permits development of proprietary software. Since it is typically not legal to modify proprietary software at all, or it is legal only in very limited ways, it is trivial to determine when these additional terms may apply. If the standard DFARS contract clauses are used (see DFARS 252.227-7014), then unless other arrangements are made, the government has unlimited rights to a software component when (1) it pays entirely for the development of it (see DFARS 252.227-7014(b)(1)(i)), or (2) it is five years after contract signature if it partly paid for its development (see DFARS 252.227-7014(b)(2)). In addition, widely-used licenses and OSS projects often include additional mechanisms to counter this risk. Software might not infringe on a patent when it was released, yet the same software may later infringe on a patent if the patent was granted after the softwares release. This webpage is a one-stop reference to help answer questions regarding proper wear of approved Air Force uniform items, insignias, awards and decorations, etc. It also notes that OSS is a disruptive technology, in particular, that it is a move away from a product to a service based industry. If that competitors use of OSS results in an advantage to the DoD (such as lower cost, faster schedule, increased performance, or other factors such as increased flexibility), contractors should expect that the DoD will choose the better bid. A component of Air University and Air Education and Training Command, AFIT is committed to providing defense-focused graduate and professional continuing education and research to sustain the technological . A copyright holder who releases creative works under one of the Creative Common licenses that permit commercial use and modifications would be using an OSS-like approach for such works. Unfortunately, this typically trades off flexibility; the government does not have the right to modify the software, so it cannot fix serious security problems, add arbitrary improvements, or make the software work on platforms of its choosing. Note that this sometimes depends on how the program is used or modified. Commercial software (including OSS) that has widespread use often has lower risk, since there are often good reasons for its widespread use. Currently there are no IO Certificates available for this Tracking Number. Her work has appeared in Air Force Magazine, Inside Defense, Inside Health Policy, the Frederick News-Post (Md. It may be illegal to modify proprietary software, but that will normally not slow an attacker. Distribution Mixing GPL and other software can be stored and transmitted together. Thus, avoid releasing software under only the original (4-clause) BSD license (which has been replaced by the new or revised 3-clause licence), the Academic Free License (AFL), the now-abandoned Common Public License 1.0 (CPL), the Open Software License (OSL), or the Mozilla Public License version 1.1 (MPL 1.1). So if the program is being used and not modified (a very common case), this additional term has no impact. Department of the Air Force E-Publishing > Publications + Forms - AF For disposal or recycling per NSA/CSS Policy Manual 9-12, "Storage Device Sanitization and Destruction Manual": Information stored on these . Industry Partners / Employers. Choose a license that has passed legal reviews and is clearly accepted as an OSS license. Look at the Numbers! AFCWWTS 2021 BREAKOUT SESSION Coming Soon. In the Intelligence Community (IC), the term open source typically refers to overt, publicly available sources (as opposed to covert or classified sources). Q: What are the risks of failing to consider the use of OSS components or approaches? Basic Training Packing List for Each Military Branch Continuous and broad peer-review, enabled by publicly available source code, improves software reliability and security through the identification and elimination of defects that might otherwise go unrecognized by the core development team. Under the default DFARS and FAR rules and processes, the contractor often keeps and exercise the rights of a copyright holder, which enables them to release that software as open source software (as long as other laws and regulations are met). Congress approves retirement of 160+ Air Force planes - with one If the project is likely to become large, or must perform filtering for public release, it may be better to establish its own website. Thus, they are all strategies for sharing the development and maintenance costs of software, potentially reducing its cost. Q: Isnt OSS developed primarily by inexperienced students? This has never been true, and explaining this takes little time. PDF Administrative Change to AFI 38-206, Additional Duty Management OTD depends on open standards and interfaces, open source software and designs, collaborative and distributed online tools, and technological agility. As noted in the article Open Source memo doesnt mandate a support vendor (by David Perera, FierceGovernmentIT, May 23, 2012), the intent of the memo was not to issue a blanket requirement that all open source software come bundled with contractor support or else it cant be used If a Defense agency is able to sustain the open source software with its own skills and talents then that can be enough to satisfy the intent of the memo. In addition, How robust the support plan need be can also vary on the nature of the software itself For command and control software, the degree would have to be greater than for something thats not so critical to mission execution. Q: Do choice of venue clauses automatically disqualify OSS licences? AFCWWTS 2021 GUEST LIST Coming Soon. Q: How can you determine if different open source software licenses are compatible? But what is radically different is that a user can actually make a change to the program itself (either directly, or by hiring someone to do it). This memorandum surveys U.S. economic sanctions and anti-money laundering ("AML") developments and trends in 2022 and provides an outlook for 2023. Enforcing the GNU GPL by Eben Moglen is a brief essay that argues why the GNU General Public License (GPL), specifically, is enforceable. Application Mixing GPL can rely on other software to provide it with services, provided either that those services are either generic (e.g., operating system services) or have been explicitly exempted by the GPL software designer as non-GPL components. Download Adobe Acrobat Reader. If your contract has FAR clause 52.212-4 (which it is normally required to do), then choice of venue clauses in software licenses are undesirable, but the order of precedence clause (in the contract) means that the choice of venue clause (in the license) is superseded by the Contract Disputes Act. before starting have a clear understanding of the reasons to migrate; ensure that there is active support for the change from IT staff and users; make sure that there is a champion for change the higher up in the organisation the better; build up expertise and relationships with the OSS movement; ensure that each step in the migration is manageable. Software licenses (including OSS licenses) may also involve the laws for patent, trademark, and trade secrets, in addition to copyright. However, the required FAR Clause 52.212-4(d) establishes that This contract is subject to the Contract Disputes Act of 1978, as amended (41 U.S.C. It is available at, The Office of Management and Budget issued a memorandum providing guidance on software acquisition which specifically addressed open source software on 1 Jul 2004. Note that merely being released by a US firm is no guarantee that there is no malicious embedded code. Otherwise, choose some existing OSS license, since all existing licenses add some legal protections from lawsuits. You can support OSS either through a commercial organization, or you can self-support OSS; in either case, you can use community support as an aid. In some cases a DoD contractor may be required to transfer copyright to the government for works produced under contract (see DFARS 252.227-7020). Units. In Wallace vs. FSF, Judge Daniel Tinder stated that the GPL encourages, rather than discourages, free competition and the distribution of computer operating systems and found no anti-trust issues with the GPL. A Boston Consulting Group study found that the average age of OSS developers was 30 years old, the majority had training in information technology and/or computer science, and on average had 11.8 years of computer programming experience. It's like it dropped off the face of the earth. Q: What are Open Government Off-the-Shelf (OGOTS) or Government OSS (GOSS)? However, often software can be split into various components, some of which are classified and some of which are not, and it is to these unclassified portions that this text addresses. Video conferencing platforms Zoom and Microsoft Teams are both FedRamp approved, but while Zoom offers end-to-end encryption, Microsoft Teams does not, according to the National Security Agency . . They can obtain this by receiving certain authorization clauses in their contracts. As noted above, in nearly all cases, open source software is considered commercial software by U.S. law, the FAR, and the DFARS. Flight Inspection. This General Service Administration (GSA . Permissive: These licenses permit the software to become proprietary (i.e., not OSS). Yes. That said, other factors may be more important for a given circumstance. 2019 Approved Software Developers of Paper 2D Forms (PDF 47.33 KB) Final as of April 2, 2020. At this time there is no widely-accepted term for software whose source code is available for review but does not meet the definition of open source software (due to restrictions on use, modification, or redistribution). The Free Software Foundation (FSF) interprets linking a GPL program with another program as creating a derivative work, and thus imposing this license term in such cases. Proprietary COTS is especially appropriate when there is an existing proprietary COTS product that meets the need. 2 Commanders Among 6 Fired from Jobs at Minot Air Force Base Col. Gregory Mayer, the commander of the 5th Mission Support Group, and Maj. Jonathan Welch, the commander of the 5th. GOTS is especially appropriate when the software must not be released to the public (e.g., it is classified) or when licenses forbid more extensive sharing (e.g., the government only has government-purpose rights to the software). Yes. Browse 817 acronyms and abbreviations related to the Air Force terminology and jargon. DoD Software Modernization Strategy Approved > U.S. Department of As noted by the 16 October 2009 policy memorandum from the DoD CIO, in almost all cases OSS is a commercial item as defined by US Law (Title 41) and regulation (the FAR). In short, OSS more accurately reflects the economics of software development; some speculate that this is one reason why OSS has become so common. In 2017, the United States District Court for the Northern District of California, in Artifex Software, Inc.v. Hancom, Inc., issued a ruling confirming the enforceability of the GNU General Public License. This isnt usually an issue because of how typical DoD contract clauses work under the DFARS. Again, if this is the case, then the contractor cannot release the software as OSS without permission, because the contractor doesnt own the copyright. The. Once software exists, all costs are due to maintenance and support of software. As of 2021, the terms freeware and shareware, do not appear to have official definitions used by the United States Government, but historically (for example in the now-superseded DoD Instruction 8500.2) these terms have been used specifically for software distributed without cost where the Government does not have access to the original source code.