gained credibility, but a certain bit of uneasiness lingers.

AMS has seen a growing number of its customers say they want the company to use open source software, tools or components on their projects, said Wick Keating, senior vice president and CTO of the Virginia-based systems integrator and IT consulting firm.

Faced with customers who want the company to use open source software, Keating said AMS needed to know that particular open source software components would fit into an overall solution, are secure, robust and scalable, and not riddled with defects. "We had to say, 'Look, before we go too far down this path, we just need to understand what this is all about, what the opportunities are, what the risks are and what our approach ought to be.'"

Though obviously interested in doing what its customers want, Keating said AMS wasn't sure how to categorize the reliability and trustworthiness of open source products.

From his company's perspective, Keating said, one of the great unknowns about some open source software components is who developed a particular piece of software. Whether that piece of software will enjoy long-term support from the developer is also a great unknown.

To zero in on open source products it could market to customers, AMS divided them into three categories, Keating said. The top tier is composed of the best products of their kind, he said. "For the second tier, we came up with a very simple metric: Can you go to Amazon.com and buy a book on it? It sounds silly, but that turned out to be about another 70," he said.

"If it's got a book out on it, it's got reasonable presence in the marketplace," he continued. "The fact that somebody thought it was worthwhile to publish a book on a piece of software -- because they thought there were enough people out there using it -- is a pretty good way to segment the market."

The third tier is pretty much everything else, he said.

"There are about 10 in that first tier, 70 in the second and tens of thousands in the third," he said.

Security is another unknown, he said. Though the open source community argues that many eyes have scrutinized the source code to detect and remove bugs, no one is held accountable if bugs are not detected or removed, Keating said. "Nobody wants to bring in a solution, and then turn around and discover it's got bugs and there's nobody they can hold accountable for fixing those bugs, or that it's got a security flaw."

"You don't really know that somebody didn't slip something in," he continued. "How do you know it wasn't the Russian mafia that put up that last upgrade and left themselves a back door they can use to tunnel into their systems?"

This doesn't necessarily mean open source software is suspect, he noted, citing the experience of the Pentagon, which performed an internal survey of its systems about a year ago. Officials were surprised at how much open source code the Pentagon was using, which raised some security flags, Keating said. But the Pentagon assembled a task force to review the code for security holes and found nothing to indicate the presence of back doors or other vulnerabilities.

Sign of the Times

The push to open standards is happening around the world, especially in Europe, said Allen Brown, president and CEO of The Open Group, an international vendor and technology-neutral consortium committed to creating what it calls "boundaryless information flow."

The Open Group regularly works with foreign governments, the U.S. government and vendors to further open standards adoption, mainly through conferences.

Government stovepipes are difficult to break down, Brown said, but having

Shane Peterson  |  Associate Editor