Talk about open source in government has been muted for some time, but that might be because it's happening under the radar.
From Bill Welty's perspective, the advantages of open source software extend far beyond cost savings. The CIO of California's Air Resources Board (ARB) said the real benefits involve increased agility, responsiveness to internal clients and team-building among his IT staff of 50.
"We are a can-do shop," he said, explaining that IT staffers and agency engineers collaborate to solve problems. There's an expectation that IT can do things quickly, and staff members have little patience for procurement cycles. "In fact," he added, "we have a lot of smart engineers who download open source software themselves, and if they think it is going to work for them, they ask IT to put it on a server and support it."
The Sacramento-based ARB, whose 1,200 employees work with the public, the business sector and local governments to reduce air pollution, has used open source development tools as long as it's had a Web site. It runs the Linux operating system with the Apache Web server, a MySQL database, Perl and PHP coding and a Swish-E search engine. In fact, 65 percent of its applications run on Linux, and 67 percent of its applications requiring a database use an open source product. The ARB shares with other state agencies tools it has developed, such as an assignment tracking system and a regulatory docket system.
"Open source brings competition to the IT marketplace," Welty said. "It brings innovation and lower costs. It encourages creativity and boosts morale for staff members because they are building valuable tools."
CIOs with Welty's level of open source experience are still rare, but as commercial open source software matures, many others have grown more open-minded about open source tools, especially at the infrastructure level. Government Insights, an IDC company, predicts a 30 percent compound annual growth rate for open source software as part of total government IT spending through 2009.
Clearly open source's momentum is building in the public sector, but what will it take for it to move from the margins to the mainstream? When will CIOs feel comfortable using open source products for mission-critical applications?
For open source to flourish, CIOs must understand the importance of reusing and sharing code, and they must value that reuse in their procurement process, said Peter Gallagher, president of Devis, an Arlington, Va., software developer with experience building open source applications for the federal government.
Although he believes open source could play a key role in the federal government's shift from stovepiped agency software, Gallagher said it would require a paradigm shift about sharing code. Government doesn't like giving up control, he explained. "There's a paradox involved in that in order for this huge ecosystem of valuable tools to evolve in areas such as identity management, governments have to be willing to let go of the code."
Five years ago, Gallagher predicted that open source development would be widespread by now, but the reality is slow to follow. "The education process is taking much longer than I thought it would," he admitted.
But if Gallagher is frustrated with the growth rate at the federal level, Welty believes a lot of open source work is happening under the radar. "Most IT shops are too busy finding solutions and pursuing them to tell you that they do it," he said. There are extensive mission-critical open source applications being used in the California state government, he added. The state publishes an online listing of more than 30 agency open source projects. The Web site includes commentary from IT staff about why they've chosen open source tools.
"Why get trapped for life into paying huge amounts of money for licensing which forbids you from being able to fix the broken code you have been sold," wrote one state employee, "when there are free alternatives that are often more secure and offer more features?"
Many CIOs find that although they have no open source strategy, their employees have been downloading tools and employing them to solve specific problems, Gallagher said. "So far, it has come from the bottom up, but to get to the next level, it has to come from the top down. The CIOs have to have a well informed grasp or it can't reach its potential. That's a real stumbling block."
A few years ago, Oregon Department of Transportation CIO Ben Berry wanted to assess how widespread the use of open source development tools was in his department. He did a network scan and was astounded to find more than 5,000 instances of open source products used for content management, collaboration, development tools, directory services and security. His experience prompted the Oregon CIO Council to inventory open source assets statewide and create an open source community of practice. In addition to the inventory, the state is also studying desktop tools, licensing and risk management.
"If we define ways open source tools might be valuable," Berry explained, "the next discussion is with business management of the agencies to see if it can help solve real business problems."
CIOs may be keeping quiet about open source projects for political reasons, said Deborah Bryant, public sector communities manager at Oregon State University's Open Source Lab and director of the annual Government Open Source Conference in Portland, Ore. They saw how Massachusetts got caught up in a political firestorm over its embrace of the Open Document Format as an alternative to Microsoft Office. "Some agencies are concerned that getting involved with any type of open standard is a distraction," said Bryant, former deputy CIO of Oregon. "I know of large state agencies that are having open source success but don't want to appear at any conference that involves the word "policy", because the sky seems to fill with lobbyists."
Many people have described Microsoft's recent suggestion that the Linux operating system may violate its software patents as another attempt to spread FUD (fear, uncertainty and doubt) among IT executives and the software industry. Welty said Microsoft's legal saber rattling suggests that open source has penetrated the market to the extent that it's "touching a nerve."
Obstacles to Growth
Some CIOs who are comfortable with the open source concept are eager to see some examples of sophisticated vertical applications before they take the plunge. But they may have to work with other jurisdictions to build applications rather than wait for commercial open source software developers to come to them with finished products.
Bryant said public-sector agencies are just starting to move toward sharing vertical applications they've created using open source code. "It's still very early," she added, noting that no infrastructure exists yet for state governments to collaborate. "There have been examples within states of agencies sharing open source code," Bryant said. It's more difficult to put together a multijurisdictional effort, but she believes it will happen soon.
Pete Collins, CIO of Austin, Texas, said that his 280-person IT team is using open source tools wherever appropriate. The city is redesigning its Web site using the Plone content management system and is using a Web cache application called Squid to block city employees from looking at pornography at work. But he's not sure about using it for mission-critical applications. First, he doesn't know of any open source vertical applications available for tasks such as police and fire/rescue coordination. But even if there were, he'd be concerned about reliability issues. "No one is going to run our financials, with a couple billion dollars budget, on open source," he said. "It's too high-risk."
Confusion about open source licensing issues also has been an excuse to avoid open source, but that may be changing.
Concerns about licensing schemes "used to be a conversation stopper," Bryant said, but not anymore. The issue doesn't even come up when organizations download commercial open source applications such as SugarCRM to use on their own servers. But CIOs must understand the license under which they are using the software and take steps to mitigate risk. They should consult with attorneys regarding the requirements and restrictions of the particular license governing use of the software, suggested James Gatto, an intellectual property section leader in the Northern Virginia office of Pillsbury Winthrop. "I would say the same thing if they produce open source software and want to make it available to the public or other public-sector agencies. Their responsibilities are laid out in the license, so they have to study it carefully."
Among the reasons open source adoption hasn't been faster at the federal level is a basic lack of knowledge on the part of CIOs, said Drew Ladner, former CIO of the U.S. Department of the Treasury and now CEO of Zuri Technology, a Washington, D.C.-based firm consulting on commercialization of open source software. "I've had CIOs say to me,