
Free and Open Source Software (FOSS) is characterised not only by a technical core but also by a strong normative one: transparency, collaboration, and the freedom to use software for any purpose, whether private or commercial. Yet it is precisely this last principle that, in many respects, gives rise to debate. Ever since modern software began being used in security-critical and military contexts, an uncomfortable question has arisen: Do developers bear a moral responsibility for who uses their code and how?
Recent developments are further intensifying this debate. One example is the discussion surrounding the easyjson software library, a small programming tool used by many projects. When it emerged that there might be links to a major Russian internet company, concerns arose that even seemingly innocuous Open Source components could have political or security implications. This discussion goes even further than the long-standing issue of software dependencies with questionable maintenance or the general lack of transparency surrounding software dependencies. This, in turn, relates to a problem that has been known for many years, which, for example, attracted global attention during the ‘Log4j’ incident in 2021. That type of issue, which does not affect Open Source development exclusively, is frequently addressed in pop culture. [1]
At the same time, media organizations such as Reuters report that countries like China are actively promoting Open Source to build technological capabilities. This promotion is not merely general in nature but is part of strategic programs in which government agencies, universities, and companies collaborate on open technologies, such as in the fields of artificial intelligence, cloud infrastructure, or semiconductor design. The goal is to reduce technological dependencies while simultaneously building expertise that can also be utilized in a military context. [2]
China is by no means an isolated case. Other countries, including Western nations, are also making targeted use of open source in the defence sector. In the U.S., for example, the Department of Defense has been promoting Open Source software for years to accelerate innovation and reduce costs; programs such as the use of open platforms for cyber defence or data analysis are well documented. Many European countries use Open Source to make their military IT systems more transparent and less dependent on individual vendors. These examples show that FOSS is no longer merely a development model but also plays a role in global politics, security, and strategic competitiveness. However, this gives rise to entirely new dynamics surrounding Open Source development and for contributors to FOSS. [3]
The Ethical Dimension: Responsibility vs. Freedom

At the heart of the debate lies an ethical question. Many developers find it problematic when their work is used in military contexts, particularly when it involves weapons systems, surveillance technologies, or potential repression. The desire to rule out such uses stems from an understandable need for moral integrity. Software is no longer abstract; it has a concrete impact on the world and can cause harm. In this sense, it seems legitimate that creators would want to influence how their work is used.
At the same time, this stance comes into direct conflict with one of the fundamental principles of FOSS. The Open Source Initiative defines openness precisely by the fact that there must be no restrictions regarding the scope of use. The Free Software Foundation Europe defines free software through the four freedoms: 1. Others may understand the software (read its source code). 2. Others may distribute it to third parties without restriction. 3. The source code may be adapted to one’s own needs. 4. The software may be “used for any purpose and is free from restrictions such as the expiration of a licence or arbitrary geographical restrictions” [4].
As soon as a licence prohibits certain uses, including military ones, it no longer meets these criteria. This raises not only a moral question but also a conceptual one: Can software still be considered “Free and Open Source” if it selectively excludes certain uses? Added to this is the problem of so-called dual-use technologies. The same algorithm can improve medical diagnoses or support military targeting systems, meaning that restrictions often affect civilian innovations as well. Specifically: Fundamental and widely used Open Source components, such as the cURL network library or Linux, can be used for every conceivable purpose: military, humanitarian, commercial, private, etc.
Legal Reality: Between Regulation and Loss of Control

In addition to the ethical dimension, legal reality plays a decisive role. Even though Open Source is supposed to be free in principle, numerous regulatory interventions already exist. Export controls, sanctions, and national security laws restrict access to certain technologies or exchanges with certain countries. Platforms and companies are forced to comply with these requirements, even if they contradict the spirit of FOSS. Regulations such as export licences for software with potential military use demonstrate that the freedom of code has long been relativised in practice. [5, 6]
At the same time, the attempt to explicitly exclude military use leads to significant legal uncertainty. The term “military use” is vague and context-dependent. Is software already considered to be in military use if it is employed by an army for administrative purposes? Or only when it is directly integrated into weapons systems? Such ambiguities deter companies and organizations that rely on a reliable legal framework. Added to this is a practical problem: Open Source cannot be controlled in the same way as proprietary software. Once published, code spreads globally, is mirrored, forked, and further developed in parallel by different actors. [5, 6]
Strategic Perspectives: Security, Sovereignty, and Risk

From a strategic perspective, too, the situation is ambivalent. On the one hand, open source can contribute to digital sovereignty by enabling states and organizations to build independent infrastructures. Especially in the context of geopolitical tensions, this can be crucial to avoiding dependence on individual providers or states. On the other hand, states exploit precisely this openness to expand their own military capabilities.
Interestingly, some even argue that Open Source software offers particular advantages in the defence sector. Transparency can help identify security vulnerabilities more quickly and build trust in critical systems. Proprietary solutions, on the other hand, carry the risk of hidden vulnerabilities or backdoors. At the same time, concerns remain that this same openness also benefits potential adversaries and accelerates technological arms races.
Conclusion: Not an Easy Decision

The debate over open source and military use cannot be reduced to simple answers. It is characterised by a fundamental tension between individual moral standards, collective principles of openness, legal frameworks, and geopolitical interests. Each perspective offers valid arguments, but these are not easily reconciled with one another.
Furthermore, it is not helpful in this debate to categorically distinguish the use of software as “good” or “bad” based solely on its licence. Free and Open Source Software offers many advantages, particularly in terms of transparency, trust, and digital independence, as we have illustrated several times in this blog. However, the licence alone is no guarantee of ethical or unethical use of the “software” as a tool, especially since this distinction is context-dependent and often anything but objectively assessable.
Perhaps the real challenge lies in not reducing the debate solely to the level of licences. Neither strict bans nor complete deregulation can adequately reflect the complex realities. Instead, a broader societal discussion is needed about what role technology should (and may) play in conflicts and what responsibilities different actors bear.
Sources
- Burgess, M (2025): Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US. URL: https://www.wired.com/story/easyjson-open-source-vk-ties/
- Nellis, S (2024): China rallies open-source software efforts advance military aims, US defense group says. URL: https://www.reuters.com/technology/china-rallies-open-source-software-efforts-advance-military-aims-us-defense-2024-05-31/
- Daxhelet, É (2025): Beyond the Switch: How Austria’s Military Became an Open Source Contributor. URL: https://interoperable-europe.ec.europa.eu/collection/open-source-observatory-osor/news/austrias-military-goes-open-source
- Free Software Foundation Europe (2026): What is Free Software? The Four Freedoms. URL: https://fsfe.org/freesoftware/freesoftware.html
- Rähm, J (2016): Wie sinnvoll sind Ausschlussklauseln? URL: https://www.deutschlandfunk.de/open-source-software-wie-sinnvoll-sind-ausschlussklauseln-100.html
- The Linux Foundation: Navigating Global Regulations and Open Source: US OFAC Sanctions. URL: https://www.linuxfoundation.org/blog/navigating-global-regulations-and-open-source-us-ofac-sanctions