

US DOD AppDev STIG Updated

The US DoD (Department of Defense) AppDev STIG (Application Security & Development Security Technical Implementation Guide) was recently updated (Version 3, Release 4, October 31st 2011) by DISA (Defense Information Systems Agency) to clarify that it is permissible to use open source software (OSS) in the DoD.

The revised AppDev STIG refers to the 2009 DoD OSS policy memo, Clarifying Guidance Regarding Open Source Software, instead of an older one, and has improved definitions for OSS and commercial software. It also makes it clear that special DAA approval is only required for software that is needed for mission accomplishment and for which both of the following are true: (1) there is no source code to review, repair, and extend, and (2) there is limited or no warranty.
