ust five years ago, programmers who understood the value of using collaborative, open source software as a foundation for developing federal applications had to use the software surreptitiously. At that time, open source software was the bailiwick of programmers hidden away in back rooms-programmers who understood that using open source software could cut costs, speed development and improve performance. Back then, using anything but off-the-shelf software for application development wasn't widely accepted or understood. After all, commercial software was a known quantity, perceived as more reliable and secure than open source software, which just about anyone could customize.
Slowly but surely, federal CIOs have begun to see the benefits of using open source software. Prime examples include the Linux operating system, the Apache Web server, the Mozilla Firebird browser, and MySQL and PostgreSQL, open source relational databases that use standard Structured Query Language.
The National Weather Service is a case in point. The Weather Service has done an about-face in the past few years, shifting its focus from proprietary software, which is difficult to customize, to open software. The most salient example is the Advanced Weather Interactive Processing System (AWIPS), used by forecasters throughout the country to issue weather warnings, advisories, alerts and forecasts. Until about two years ago, AWIPS ran on the proprietary Unix-based HP/UX platform.
After determining that the Linux operating system had matured greatly over the past several years, due in part to its refinement by companies such as Red Hat Inc. of Raleigh, N.C., and German vendor SuSE Inc., Weather Service leaders decided to switch to Linux as the new operating system for AWIPS. "Linux was always a hacker's language, shared by a group on the Web, and it didn't have supportability. But now, lots of groups offer support and 7-by-24 availability," says Weather Service CIO Barry West. "There was some risk, because there weren't a lot of other agencies that had done this, but when we laid the factors out, our corporate board decided to move forward."
Since switching to Linux, the Weather Service has cut AWIPS costs, reportedly by as much as 75 percent, largely because the operating system requires less maintenance. Aside from increased efficiency, West says, Linux works with many different types of hardware and environments. "We can run the same applications on a supercomputer and take it down to the workstation without recompiling," he says. "You can't do that with other operating systems."
Like the Weather Service, other federal agencies are beginning to understand the value of using open source software and have begun to make the shift. Agencies not only reap cost savings and efficiency, they find open source easier to use because it's stable, portable and it can be upgraded. The Census Bureau, another open source software proponent, has developed a system to help citizens get data using a variety of open source software, including Apache Web Server, Linux, MySQL and Perl. The National Security Agency has developed a security-enhanced Linux operating system that protects applications and network services by segmenting them into domains to enable secure computing in the Defense environment.
The Defense Department, which employs more than 100 open source software tools, is one of the government's largest users of the technology. The problem, notes CIO John Stenbit, is that many of those applications don't meet criteria for security and intellectual property protection that has been in place since July 2002.
Stenbit issued a memorandum on May 28 reminding Defense workers and vendors that all Defense applications using code or products based on open source software must comply with National Security Telecommunication and Information Systems Security Policy, enforced by the National Institute of Standards and Technology.
Many open source proponents interpreted the memo as Defense's endorsement of the software, but that's not exactly the case, Stenbit says. "We're agnostic, everything being equal. We'd like to satisfy our users' desire to use Linux and [other] open source software for its benefits, but only if it meets our criteria," he says.
PUSH VERSUS PULL
Many vendors are meeting the federal government halfway, offering a slew of products based on open source software. Many hardware vendors have introduced Linux-based PCs, and some, such as IBM, offer servers running MySQL.
Vendors also are increasingly taking Stenbit up on his challenge, submitting products and code to the Defense Department's standards. In the past several months alone, many products have been certified. Red Hat Linux Advanced Server, for example, has the Defense Information System Agency's Common Operating Environment certification, while SuSE Linux Enterprise Server 8 has the Common Criteria Security certification, required by most federal agencies.
The notable exception to the open source trend is Microsoft-a company whose products are most entrenched in the federal government, and therefore a company that stands to lose the most. "You have Web servers and security components and e-mail systems and other things being produced in open source, and that's product competition with other vendors," says Jason Matusow, manager of Microsoft's Shared Source Initiative.
In its vigor to stop the open source train, Microsoft has become aggressively vocal and active. The company has lobbied against the Defense Department's adoption of open source, tried to shut down the National Security Agency's use of Linux, and has even attempted to convince Congress that open source is a bad idea.
Part of the problem, Microsoft asserts, is that Linux has grown up-so much so, executives believe, that it no longer acts much like an open source product and therefore should be considered a competitive off-the-shelf product, much like Microsoft's Windows.
"Linux is acting more like a commercial operating system than ever before, with companies like IBM and Red Hat behind it," Matusow says. "Agencies using Linux now have commercial relationships with those vendors much as they would with any off-the-shelf product they would have purchased."
Terry Bollinger is an IT analyst at MITRE, a not-for-profit organization chartered to work in the public interest based in Bedford, Mass., and McLean, Va., and co-author of the 2002 study, "Use of Free and Open Source Software in the U.S. Department of Defense." He concedes that Microsoft might have a point, albeit a weak one.
"People are very concerned that in picking a particular group of vendors that develops software, you aren't just picking a license, but picking a group. In some ways, it can be viewed as another form of proprietariness. That's one of the reasons why Microsoft has such severe concerns," Bollinger says. "If you pick a specific cooperative's [product], you can't include it in your package and sell your package, and that concerns groups like Microsoft."
Microsoft has other reasons to be concerned about the federal government's growing interest in open source software, says Tony Stanco, who directs the Center of Open Source and Government, a Washington-based consortium dedicated to promoting open source throughout government, and The George Washington University's Cyber Security Policy and Research Institute.
Open source software found its way into government from the IT worker's level, to the IT director's level, to the management level, Stanco says, so Microsoft didn't consider it an issue until it was too late. "By the time Microsoft got involved, there were so many people at the management and technical levels using open source that they had a hard time. They fought it, but they are losing out with things like the DoD memo," he says.
Microsoft's Matusow debates vendors' and agencies' claims that open source software is less expensive. He lists costs, including fees paid to a distributor such as Red Hat on a per-server basis and fees paid to vendors such as IBM. "At the end of the day, the cost they are presenting relative to the use of their operating system will be comparable to that of other operating systems," Matusow says.
Sam Greenblatt, chief architect of the Linux Technology Group at Islandia, N.Y.-based Computer Associates International Inc., begs to differ. "It's about total cost of acquisition," he says. "If I'm sitting on a 486 chip, I won't run XP because it won't work," he says. "If you really want to run XP and Office 2003, you need a stronger processor. The federal government has older hardware, so Linux is a natural. Instead of upgrading, they can just install Linux and run [Linux] OpenOffice."
Microsoft is correct that most federal agencies pay third-party vendors to acquire open source software, but that type of competition actually drives down costs in the long term, Bollinger says. "Since anybody can start a business to support open source products, you are actually encouraging competition in the private sector," he says. "And that's often where the biggest expenses are-in support. That's what's behind the feeling that over the long term, open source can provide significant cost savings to government."
HERE TO STAY
This debate, although unpleasant for vendors, doesn't seem to be affecting the federal government that much. As agencies discover the benefits of open source, more are considering their options. Making their decision easier is SmartBUY, a governmentwide software licensing initiative promulgated by the Office of Management and Budget and managed by the General Services Administration that includes open source software. As open source software becomes easier to procure, it likely will catch on faster than ever before.
Despite potential roadblocks, open source appears to be here to stay in the federal arena. The National Weather Service, for example, plans to convert systems at more than 122 forecast offices to Linux by the end of this year.
"Agencies that are skeptical about moving to open source should take a second look," the Weather Service's West says. "We've been very happy and have had no second thoughts about our move to Linux and some of the other utilities in open source."
As popular as open source-based development may become, it never will supplant off-the-shelf software in the development world. Instead, the two technologies are likely to enjoy a peaceful coexistence.
"Whether we use open source or proprietary software depends on the business case and what your needs are," West says. "What are your interoperability issues? What other systems do you have to communicate with?"
It's not an either-or proposition, according to Brad Westpfahl, director of IBM's Government Industry Programs. "The fact that top management in federal agencies are giving the green light to consider and use open source is the news of the day, and it's an opportunity for agencies to feel confident that they shouldn't make the commercial versus open decision upfront and then try to solve the problem," he says. "Instead of making a decision wholesale to go proprietary or open, understand the needs of your various applications and deployments and keep both types of capabilities on the evaluation list until one or the other proves superior."