The White House's recent Federal Source Code Policy is its latest push in an ongoing effort to modernize and innovate government technology. It takes a focused aim at overhauling and democratizing federal software procurement and application by calling upon department and agency heads to consider the wider value of open source software (OSS), including releasing 20 percent of new custom-developed code as OSS. Noting that the federal government annually dispenses a whopping $6 billion on more than 42,000 software transactions, this guidance strongly encourages the exploration of solutions that better support cost efficiency, reduce vendor lock-in and encourage reuse across agencies.
The pros and cons of OSS
The presence of OSS in the federal government offers lower, up-front software costs, a large pool of available talent, and the ability to rapidly test and prototype new ideas and solutions. In a short period of time, an agency can go from idea to initial proof of concept at near-zero cost. In an era of increasing budget pressure as well as increasing demands for a more nimble and responsive digital government, the promise of open source tools provides potential for enhancing government agency mission effectiveness.
However, OSS also presents contractual, security and efficiency risks, as well as often underestimated long-term costs — issues that are magnified within the narrower context of a federal agency’s unique needs, capabilities and constraints.
Let’s consider the value of OSS to loosen vendor lock-in. Because OSS often requires custom coding configuration and maintenance, it reassigns an agency’s IT dependency from a commercial vendor to a more distributed network, either internally or through contracted support services. This and other aspects of operational production-scale deployment of OSS tools creates additional upfront and ongoing costs that can elevate the total cost of ownership significantly.
Additionally, OSS code is by definition freely accessible, which makes its security and stability uncertain. These are some of the reasons why the White House’s guidance asks agencies to select solutions that takes into consideration "performance, total life-cycle cost of ownership, security and privacy protections, interoperability, ability to share or re-use, resources required to later switch vendors, and availability of quality support."
A hybrid approach
OSS is best applied in a hybrid manner, maximizing its strengths alongside the strengths of other tested, operational, production-scale tools.
Specifically, for at-scale operational functions, agencies must consider solutions that provide benefits in terms of scale, reliability, rapid deployment, security or support — solutions which may not be open source. A key element of a hybrid approach is to look for commercial solutions that have built-in open standards — that is, the ability to seamlessly interoperate with open source tools. Such systems enable the rapid development and prototyping offered by OSS, combined with the scalability, security and deployment advantages found in enterprise-level vendor technologies.
For example, imagine a government data scientist that has an idea for a better way to manage their agency’s logistics. At low cost, and in a short amount of time, they could prototype a new algorithm using OSS, and then assess its potential against a subset of agency data. Once the value of the new approach has been assessed, it could then be incorporated in a validated and reliable commercial solution in an at-scale operational environment. This hybrid approach also provides for service support, routine security and crisis response.
By combining OSS-facilitated innovation with proven enterprise-level technologies, commercial software can reliably bridge digital governance gaps and help realize the OSS potential in meeting agencies’ requirements. In contrast, blanket approaches will not only create new risks and increased total life cycle costs, but will also ultimately inhibit OSS from reaching the full potential envisioned by the White House.
Steve Bennett is director of global government practice at SAS. He is the former director of the National Biosurveillance Integration Center within the Department of Homeland Security.