The NSA Has (Sort of) Gone Open-Source


Believe it or not, the National Security Agency (NSA) has gone open-source. The agency that is often the scorn of the broader tech community now has its own GitHub profile with over 30 projects listed.

All 32 projects were created and distributed entirely by the NSA. It hasn’t said why they’re now open-source, but it doesn’t seem to have released anything dangerous or odd. From the NSA:

The [projects] were developed within the National Security Agency (NSA) and are now available to the public via Open Source Software (OSS). The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace. OSS invites cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community’s enhancements to the technology.

Its (alphabetical) project list includes Apache Accumulo, a “sorted, distributed key/value store that provides robust, scalable data storage and retrieval.” Femto is described as “an indexing and search system for queries on sequences of bytes that offers lightning-fast searches on data of arbitrary formats,” while Opal “manages and standardizes existing commercial hard drives.”

Other projects are more niche, but may still find an audience. Welm “retrieves the definitions of Windows Event Log messages embedded in operating system binaries,” for example, while Redhawk is “a software-defined radio (SDR) framework designed to support the development, deployment, and management of real-time software radio applications.”

When it comes to security protocols (the very thing we’d expect from the NSA), there aren’t a ton of projects, or at least nothing that isn’t already possible. Casa handles certificate authority certificates on Windows, DCP makes copying hard drives for forensic purposes faster, and SSG “delivers security guidance, baselines, and associated validation mechanisms using the Security Content Automation Protocol (SCAP) for hardening Red Hat products.”

It’s not clear why the NSA chose to release these projects. The easiest explanation is ongoing damage control; the agency has a deep, dark black eye after Edward Snowden’s revelations about its behind-the-scenes practices, and Microsoft recently blamed it for the ‘WannaCry’ ransomware. It is actively managing its repos, so at least it’s not dead tech the NSA has foisted upon the open source world.