The federal government has experienced an explosion in adoption of open source applications and systems in recent years, and the benefits are extending beyond the obvious efficiencies and savings to areas like public trust and IT security, officials and experts said Wednesday at the 2016 Red Hat Government Symposium.
“I remember the day 20 years ago when something open source came across our desk, we thought aliens had landed from Mars,” Mark Bohannon, vice president of corporate affairs and public policy for Red Hat, said during a panel at the symposium. “I think we’re way, obviously, beyond that now.”
Ten years after that, Bohannon explained, “we were trying to explain it’s OK to use it. Today, I think it’s about how to use it. How can it help you, how are we implementing it? I think we’re in a much different chapter these days.”
More recently, that shift has been propelled by the administration’s Federal Source Code Policy, published in August, which requires agencies to explore existing solutions used by agency partners or other commercial off-the-shelf solutions before procuring custom software code. It also launched a pilot requiring agencies to release at least 20 percent of their custom-developed code as open source in the next three years.
“This policy seeks to address these challenges by ensuring that new custom-developed Federal source code be made broadly available for reuse across the Federal Government,” the policy says. “This is consistent with the Digital Government Strategy’s ‘Shared Platform’ approach, which enables Federal employees to work together—both within and across agencies—to reduce costs, streamline development, apply uniform standards, and ensure consistency in creating and delivering information. Enhanced reuse of custom-developed code across the Federal Government can have significant benefits for American taxpayers, including decreasing duplicative costs for the same code and reducing Federal vendor lock-in.”
David Bray, CIO of the Federal Communications Commission, an early open source adopter, said the federal government shouldn’t be in the business of coding, for the most part.
“For most things that we do, we should not be coding,” Bray said. “We are not in competition. I understand that code is secret sauce, and that makes sense.”
Customizing code, he said, “is all good and well until five or six years from now, and then you’ve got to go back and you have to change what you’ve made, maybe something seems broken, maybe a new patch has come out and it broke something — that’s currently the state we’re in right now.”
Rather than purely coding, Bray said, agency IT should be using APIs to customize open source or commercial code that’s already available — “stitch together pieces of quilt as opposed to build pieces of quilt yourself.”
Bray also pointed to the added trust that agencies can gain from users by using open source code.
The FCC was wildly successful in the launch of its broadband speed test app, he argued, because its open source code showed it didn’t collect unnecessary user information, so users weren’t worried about privacy issues.
“By making it open source, those who’d go on the GitHub who wanted to could see that by design we weren’t capturing your IP address, and by design we didn’t know who you were within a 5-mile radius,” Bray said. “And as a result, we got public trust and it was the fourth-most-downloaded app, right behind Google Chrome.”
There’s already a huge support base for open source in the federal government, he continued. “The bigger conversation is how you can use open source to actually get trust, because you’re now exposing what your code or algorithm is doing, what is being done with the data.”
“How many of you would be willing to share data on air quality, water quality, transportation quality if it would make your community safer if you knew that the data was kept private and anonymous?” he proposed to the crowd at the symposium, produced by FedScoop. “A way you can do that is by making open source what’s being done with the data and the algorithm, and I think that’s the real value of open source we’re just beginning to scratch the surface on.”
Meanwhile, many decry open source code as insecure because it’s open to the eyes of anyone. But the opposite has actually proven true as more organizations embrace open source.
“For a long time people thought negatively about open source, kind of like it was Wikipedia … because anybody could edit it and you didn’t know what people may have done,” said Curtis Yanko, director of partner enablement at Sonatype.
However, the more eyeballs that are on that code, the more secure it is, Department of Homeland Security CTO Michael Hermus argued.
Paul Smith, Red Hat senior vice president and general manager, agreed, calling open source “the foundation for choice and security.”