Open source software could be the key to modernizing and updating the Department of Defense’s (DoD) weapons and communications systems with software patches and updates, according to U.S. Air Force CIO Lauren Knausenberger.
“It is entirely possible that a future conflict to preserve our way of life is decided by features, fixes, and updates to software intensive systems that must take place in minutes or hours,” said Knausenberger during her testimony May 11 before a joint hearing of the House Subcommittees on Investigations and Oversight, and on Research and Technology.
“And this means that we must learn quickly as a department and leverage the knowledge and best practices of the entire development community,” she added.
Knausenberger said she was “bullish” on the use of open source software, and that open source makes software more secure through the process of more people looking at it.
Investigations and Oversight Subcommittee Chairman Bill Foster, D-Ill., said that there are many benefits to open source software, including that it’s freely available for anyone to use or modify, and it’s commonly used in scientific research.
“And yet, despite its importance, open source only draws attention when something goes wrong,” said Rep. Foster. “The Log4j project and its vulnerability, called Log4Shell, reminded everyone of the dangers of neglecting open-source software. The sheer breadth of organizations affected by a vulnerability in a single piece of software drove home just how much everyone relies on open source.”
Knausenberger noted that having bugs in a system is common and that if they aren’t found, it’s because no one is looking for them.
“You do have situations where like with SolarWinds, you could have a sophisticated adversary come in, inject malware, and have it be months before anyone knows that there’s a problem,” Knausenberger said. “In the open source community we’ve seen with a number of examples that we just catch it faster, we can push it faster, we have more people trying to fix it faster and spread the word,” she said.