It can be foolhardy to proclaim the emergence of a governmentwide trend, simply because the business needs of federal agencies, states and cities are so varied. But if recent events are an indication of a larger movement, then it appears more government decision-makers are discovering the value of writing policies for the usage of open source software (OSS).
In the past few months, California, Vermont and San Francisco have proven to be three such examples - all with a slightly different spin on the policy's language. San Francisco mandates that its city and county agencies always consider OSS when buying new solutions. California calls OSS an "acceptable practice," while Vermont chose the middle road by deciding that agencies should consider OSS, but doesn't require it.
Why the subtle differences? Perhaps it's because the calculus of implementing an open source product has become more complex - and potentially more attractive - for public-sector CIOs who are trying to keep IT services afloat with diminished budgets.
"Quite frankly, we sometimes get criticized for the money we spend on proprietary software and there are certainly people in the IT community working for Vermont who have a viewpoint that there should be more use of open source," said state CIO David Tucker about the open source policy he helped craft, which was enacted in late February.
Saving money certainly was a contributing factor - transparency was another - in San Francisco's choice to heavily promote open source within the government enterprise. For all software purchases exceeding $100,000, San Francisco's policy requires agencies to consider open source solutions on equal footing as proprietary software products. City officials, including CIO Chris Vein and an interdepartmental IT committee, worked together on the policy language.
"[California] has stepped up. San Francisco has stepped up. We're looking to the federal government for a lot of the guidance," said Brian Purchia, deputy communications director and technology adviser for San Francisco Mayor Gavin Newsom. "But this is just the beginning. The potential is there for millions of dollars [saved] in software licensing costs. That's the reality."
It's also a reality that many IT officials still are wary of open source's security. Mark Weatherford, California's chief information security officer, wrote in a blog entry last winter explaining that although he's been for and against OSS, he's heard the "'there's no guarantee of future support' line so many times it makes me want to cry.
"At least with the open source community, one of the nice things is the worldwide support available almost any time of day. So while there are some criticisms, there's also some valid business rationale for using OSS," he wrote. Reflecting Weatherford's measured approach, Chief Deputy CIO Adrian Farley characterized California's policy as bringing OSS that was already in use "out of the shadows."
But deciding what is included in an open source policy can be challenging. In Vermont, Tucker discovered that stakeholders who were meeting to hash out the policy's wording weren't apathetic.
"There were very strong opinions on the work group that the policy should be written 'shall' [use open source] instead of 'should,'" Tucker said, "and we went back and forth about that. The challenge is when you write a policy that says everybody shall do something and they're not already doing it, then immediately everybody's out of compliance on the policy."
Vermont eventually decided to give departments the option to use OSS, but not make it a requirement. Tucker said it was important that the policy account for the total cost of utilizing OSS, beyond the initial benefit that agencies wouldn't have to pay licensing fees up front.
Obviously decision-makers like Tucker are banking on that total cost of ownership being much lower.