Code.mil: An Open Source Initiative at the Pentagon

Building bridges between the Department of Defense and the software development community, one pull request at a time

The Department of Defense (DoD) is a behemoth Federal agency built upon closed proprietary software and legacy systems that have been continually outpaced by modern technology and development standards. While the DoD has made strides towards modernization, one arena that has yet to be fully embraced and implemented is the practice of free and open source software.

Our team at the Defense Digital Service (DDS) was formed by the Secretary of Defense to bring the private sector's best talent, practices and technology into the DoD. Most of us hail from companies such as Google and Amazon, and from environments where open source is commonplace. We at DDS deeply believe that code developed by Federal employees should be available for reuse and collaboration not only across the rest of government, but by the public too.

As a result, we created Code.mil, an initiative that allows developers around the world to reuse and contribute to unclassified code written by Federal employees in support of DoD programs, which in turn support services for millions of people around the globe.

Open source in the Federal space

How Code.mil is different

Rather than going the traditional route, the Code.mil team decided to take an unconventional approach — at least by Pentagon standards.

DDS General Counsel, Sharon Woods, and DDS engineers, Brandon Bouier and Tom Bereknyei, partnered together to create a developer-centric strategy that empowers individual contributors and creatively navigates the legal framework. DDS worked in consultation with organizations like the Open Source Initiative and Free Software Foundation for this first iteration.

We also decided to share a draft strategy on GitHub to actively engage in public discourse and crowdsource community input to codify a licensing pathway that makes the most sense for our unique situation. By combining legal and developer expertise, we define Code.mil’s success by the level of active collaboration with the free and open source communities on DoD projects rather than by written guidance or policy.

Our new licensing strategy

While all of the work done by Federal employees remains in the public domain with no restrictions, public contributors enjoy the protections of widely adopted free and open source licenses. As projects mature, the aggregate work — with all the patches, bug fixes, and additional features — will fall under the license associated with the project. To simplify the contribution process even further, DDS is releasing a GitHub webhook that helps verify that commits have followed the Developer Certificate of Origin process.

All of these elements collectively allow the DoD to tap into a vast pool of talent and creativity otherwise excluded from contributing to DoD efforts.

What drives Code.mil

As Eric Raymond famously wrote, “given enough eyeballs, all bugs are shallow.”

Opening up DoD codebases for the world to see allows code vulnerabilities to be identified and remediated more quickly than current internal methods allow. This crowdsourced concept is similar to how public bug bounties like Hack the Pentagon succeeded in allowing the public to help the DoD identify and fix bugs faster and at a lower cost than the DoD could on its own.

Giving everyone the freedom to run, copy, distribute, study, change and improve software developed by DoD is a public good from which everyone should benefit. This is especially true considering that much of the code developed by the Federal government is funded by taxpayer dollars. This is one of the reasons why we are releasing our own custom-developed code on Code.mil.

Our first release, eMCM

Our team developed the eMCM to modernize this process by enabling the military to maintain a canonical “live” edition of the manual that is easily accessible, while also maintaining prior versions of the manual for legal purposes.

We chose to use the Affero General Public License (AGPL) for the eMCM because every military member has the right to know how the raw legal code (i.e., MCM) will be transformed or manipulated by the eMCM. Applying the AGPL is a small but important way to help ensure the public has that freedom and transparency to the process. The eMCM is still in beta so we welcome any suggestions for the viewer.

What’s next on Code.mil

Our hope is that Code.mil will encourage conversation around these topics and allow anyone around the world to contribute knowledge and code for DoD projects. We invite everyone to open an issue or submit a pull request with your ideas on future directions for Code.mil.

Host your project on Code.mil

If you are a Federal employee and have a program or project you would like to share, start the conversation by connecting with us directly at code@dds.mil.

Happy coding!

Defense Digital Service

Written by

The Defense Digital Service: transforming the way the Department of Defense builds and applies technology. A member of the @USDigitalService.