Photo: San Francisco Mayor Gavin Newsom
As state and local governments know too well, choosing open source software is kind of like being Lewis and Clark: There are a lot of unknowns, and policies for governing the open source "wilderness" aren't well defined -- if at all.
This is finally starting to change, thanks in part to leadership from San Francisco and the California state CIO's office, two of the first governments to adopt formal policies for the usage of open source software within state and local agencies.
The content of their policies are similar, but San Francisco's goes a step further than the state. Adopted Jan. 21, San Francisco's policy mandates that city agencies always consider open source options when buying new software. By contrast, the open source policy letter issued in January by California's Office of the State Chief Information Officer set a definition of open source software and designated it an "acceptable practice" -- bringing its usage by the state "out of the shadows," in the words of Chief Deputy CIO Adrian Farley.
The different approaches suggest there is still a long way to go until a commonly accepted best practice emerges for open source software in government.
"The state has stepped up. San Francisco has stepped up. We're looking to the federal government for a lot of the guidance," said Brian Purchia, deputy communications director and technology adviser for San Francisco Mayor Gavin Newsom. "But this is just the beginning. The potential is there for millions of dollars [saved] in software licensing costs. That's the reality."
Purchia contends that San Francisco's policy goes further than California's. "The state has done a good job in terms of at least saying that open source software should be left on the table," he said, "but in San Francisco, we're actually making it a part of the policy. It will be evaluated on an equal field with private software."
For all software purchases in excess of $100,000, San Francisco's policy requires agencies to consider open source solutions on equivalent ground as proprietary software products. City officials, including CIO Chris Vein and an interdepartmental IT committee, worked together on the policy language.
For the past six months, Mayor Gavin Newsom has pushed San Francisco city agencies to use open source as part of a citywide transparency initiative. In one example, many of the city's newest Web sites -- including DataSF and RecoverySF -- are built on open source platforms.
On a video update posted last week to YouTube, Newsom said he prefers open source because it can speed up procurements and can be cheaper. "This is a policy that didn't necessarily get a lot of attention, but I think is a big deal for taxpayers in the city and for those that believe in open source, open data and more transparency of government," Newsom said.
Like the mayor, California's IT leadership recognizes that open source could be a money-saver. But it's apparent that the state isn't touting open source with quite as much gusto as Newsom. "It's not like we're giving agencies carte blanche to throw up any kind of OSS (open source software) that they want," Farley told Government Technology last month. California's policy "normalizes" the state's use of open source software, giving "a framework for departments to use OSS out of the shadows, more or less," he explained.
The state's more cautious approach likely stems in part from wariness about security. Mark Weatherford, the state's chief information security officer, recently wrote in a blog post on Govtech.com that he has been on both sides of the argument about open source.
"There are arguments against using OSS, but I've heard the 'there's no guarantee of future support' line so many times it makes me want to cry," Weatherford wrote. "How many times and how many endless hours have you spent on hold with tech support without getting the help you needed? At least with the open source community one of the nice things is the worldwide support available almost any time of day. So while there are some criticisms, there's also some valid business rationale for using OSS."
The same arguments that are floated against open source -- you don't know the coder who's working for you, uncertain quality assurance, irregular schedules for version updates - no doubt could prove troublesome for governments that come to rely upon open code.
Purchia said San Francisco's leadership was mindful that there's some element of risk -- no software is 100 percent secure. And the city's IT officials brought up the security question.
"But from our perspective, from what we've seen over the past few years, open source software is more secure than a lot of the private software out there," he said.
Time will tell if San Francisco and California are doing the right thing, and if government's use of open source turns out to be a more secure option. In any case, the two governments seemingly are unafraid to lead the way forward.
Government Technology Staff Writer Russell Nichols contributed to this story.