The amount of open-source software used by the U.S. government might well be one of the biggest secrets in Washington. Not even purveyors of FOSS, as in free and open source software, know the extent of federal agency adoption of nonproprietary software.
Some in the Beltway Loop contend that open source is very prevalent. Others suggest that open source is avoided because its code is exposed for anyone to see.
One thing seems very sure, however. Most government agencies cling to well-known commercial software for desktop services. However, server-side and specialized software is a mixture of contracted code and community packages promulgated on GitHub and other open-source software repositories.
Just how passionately government agencies support and use open-source software may be a question nobody has bothered to pursue. For example, OpenSource.com claims that the U.S. government has directed that open source projects are to be considered equally with proprietary products — but no government guidance is offered for carrying out that directive.
“The involvement varies. A lot of the initiatives for using open source take a cultural change,” Steve Wallo, chief solutions architect for Brocade Federal, told LinuxInsider.
Who Uses OSS?
Some agencies look at open source for a particular mission. Others look at open source for large-scale deployment. So OSS adoption on the federal level is at different stages, said Wallo.
Some of the largest U.S. agencies are known users of open source. For instance, the U.S. Department of Veterans Affairs often is cited as one of the largest federal users of open-source software. If accurate, that would be a significant investment in OSS. The VA is the second largest agency of the U.S. federal government.
Take MongoDB, for instance. This open-source next-generation database has a broad list of government customers, according to Will LaForest, Senior Director of MongoDB Federal. That customer base includes the intelligence community, the Defense Department, and civilian agencies in healthcare, finance, and energy.
“There is actually quite a bit of variation within the government. Some favor OSS as a policy, others “permit” OSS, and some are not open to it at all,” LaForest told LinuxInsider.
On the whole, the government is slower than the commercial world to adopt open source, and there are some substantial obstacles to overcome, he said.
Why No Mandate?
Government agencies are big business customers. That puts open-source solutions at odds with the profit-and-loss calculations of competing vendors.
“For instance, some heavily ensconced commercial sales organizations fight tooth and nail to keep OSS out, as it poses a significant threat to their sales,” said LaForest.
One of the more compelling arguments for adopting open-source software is its ability to mitigate risk, he said. To some government workers, this might seem counterintuitive, but OSS provides complete transparency into how software functions and is constructed.
Another benefit of OSS is the protection it affords against vendors going out of business. So is the ability to adapt open source software for features that the government needs but that never would be done, based upon broader usage, LaForest noted.
Contractor Conflicts
The federal government is one of the largest consumers of software. Often, a government agency will contract a software project to a software developer.
“It often depends on the contractor. Some will use open source components but deliver what is essentially a proprietary product to the hiring agency,” Lev Lesokhin, executive vice president at Cast, told LinuxInsider.
“Some of the health services platform developers are shying away from [open source] due to concerns over quality and security,” he said.
Our Way vs. the Open Source Way
The decision-making on whether to use customized commercial or open-source software rests largely with the contractor and the hiring agency. The system lacks any central office directives.
That results from the heavy load of customization that federal agencies have to do in order to meet their missions. As a result, there is no wholesale move in one direction or the other, according to Lesokhin.
“Some federal contractors have so much experience in a particular software field that they already have their own custom-made packages. Other contractors will use open source as a convenient starting point but will customize it from there,” he said.
In many cases, the contractors are coming to their bids with prebuilt software that they can then customize for the specific agency. This gives the government agency what is essentially a proprietary product, according to Lesokhin.
Partly Loving Linux
How prominent OSS usage in government is may depend on your vantage point. Intelligent Software Solutions does a lot of work with the U.S. government and agencies such as the Department of Defense and intelligence communities.
“We use open source a lot with these agencies. They really embrace open source,” Wes Caldwell, CTO of Intelligent Software Solutions, told LinuxInsider.
That hugfest with open source extends to the Linux OS on the server side, according to Caldwell, who noted that Linux is definitely one of the mainstream operating systems in that customer base.
One of the biggest players in the open source space among the agencies that ISS services are Red Hat, said Caldwell. RHEL is accredited for government use.
However, there is a dividing line. Linux is used primarily on the server side, but much of the desktop work is still handled using Microsoft Windows.
“I don’t know if that is because of convenience. I am speculating on the convenience of Word, Excel, and PowerPoint. These are programs that are used every day by government employees. That is the language that they use,” Caldwell said.
No Set Plan
No system-wide set of standards exists for software selection. Each agency does its own due diligence, according to Govcode.org creator/maintainer Diego Lapiduz, who works in the Consumer Financial Protection Bureau.
For nearly four years, Lapiduz has been spreading the word among his federal coworkers about his repository of government-focused open-source products. Many people in the government are aware of it now and use it, he said.
“When I first started working for the government, I noticed that people were doing tasks on different software and were not aware of tools available in open source. I started Govcode to communicate with them about open source,” Lapiduz told LinuxInsider.
Like Govcode.org, Github provides government agencies with a convenient way to consider open-source software. This is a way for people to share, and it allows commonality between agencies to allow people to use open source in a way that other people are using it, according to Brocade Federal’s Wallo.
“This push for collaboration among agencies is a change you are going to see,” he said.
Up for Grabs
The vetting process for open-source vendors depends on the government agency, noted Wallo. For example, the Department of Defense has certain certifications that allow you to play.
“You have to have them. These certifications guarantee interoperability. The certifications have little to do with meeting open standards,” he said. “The government tends to favor the proprietary license over open source as a way to guarantee that many people can work together.”
However, the government has a plan out there for moving toward open source. There is a date for people to respond about how they are going to use it, Wallo maintained.
“It won’t be until a second phase is forced upon agencies to adopt open source and stop paying the [proprietary software] licensing fees that it will draw a difference in behavior,” he said.
Evangelizing Open Source
The government has been involved with open source software since before the Internet — but it is only recently that government use of open source really has come into vogue, according to Ben Balter, government evangelist at GitHub.
“A big reason for this is that open source used to be inaccessible to outsiders and didn’t have the quality and support large organizations like government have come to expect,” Balter told LinuxInsider, “but that’s all changing as new tools are making it easier for organizations large and small to publish and consume high-quality, open-source software.”
The type of open-source software government agencies use is shifting from low-level system administration tools to customer-facing things like websites and mobile apps. This is a trend that matches a broader shift toward consumerization in the private sector, he said.
Can’t Shed Its Dark Side
Many government agencies, colored by open source’s history, are still hesitant to embrace open source, both as software consumers and as software publishers, Balter contended. There is no question that any government agency has some open source someplace in its software stack.
“That does not mean that it was not an uphill battle to get it there,” he said. “There is still a lot of FUD (fear, uncertainty, and doubt) around both the idea of open source (that is, anyone can change my code), and its use (e.g., open source violates the Antideficiency Act), that technologists in government are fighting.”
Still, government use of open source is increasing exponentially. Recent number-crunching revealed more than 10,000 active government users on GitHub, Balter found. That usage spreads across more than 500 organizations and dozens of countries, all together working on more than 7,500 individual projects.
“You can see some of the more notable projects, but the general trend is that we’re seeing government agencies not just consuming open-source software but publishing the software they develop in-house and collaborating with the public. The White House’s ‘We the People’ petitions platform is a great example of this,” he said.
Uncertain Support
The government does not have a lot of experience with open source, noted Balter, and there are lots of reasons all government software is not open source.
On the platform side exists a push for enterprise-grade platforms. That push is often backed by large marketing organizations that can build government-specific features like audit trails or compliance.
“There’s also a large government contracting community that, in many cases, does not have the same history of open source participation that you might see in the private sector,” said Balter.
On the application side is a history of closed-source workflows, often with no open-source developers on the agency side of an engagement. There are also cultural constraints. Government agencies have a strong immune system designed to say no — from legal to security to privacy to procurement.
“The government has a strong, top-down, command-and-control structure that is the exact opposite of how open source works,” said Balter. “Many agencies are not familiar with open source culture and do not have the tools to nurture an open source community. Finally, in many cases, transparency is seen as a liability, especially when they have no way to know the quality of the code.”