Ideally, any software the government buys or any firmware that ships on hardware the government buys should be FOSS, but not necessarily released to the public right away (i.e. if there’s a legitimate national security risk). That gives the government the option to fix issues they run into instead of being forced to wait for the vendor to fix them (if they ever do).
I’m sure a lot of military software, in contrast, is acquired from private companies that retain IP rights. Likely legal exceptions aside.
Ideally, any software the government buys or any firmware that ships on hardware the government buys should be FOSS, but not necessarily released to the public right away (i.e. if there’s a legitimate national security risk). That gives the government the option to fix issues they run into instead of being forced to wait for the vendor to fix them (if they ever do).