This blog post is an excerpt from GovLoop’s recent guide “7 Open Source Myths Debunked.” We spoke with a dozen government technologists, lawmakers and other experts to debunk common myths and help your agency make fact-based decisions about using open source. To view other myths, resources and facts about the state of open source adoption in government, download the full guide here.
The appetite for open source software in government has evolved greatly over the past decade, from skepticism about its security and reliability to more agencies using it for mission critical operations that are essential to their purposes.
Part of that evolution can be credited to early efforts by the Office of Management and Budget and the Defense Department to clarify that open source is suitable for government use and should be treated the same as any other government procurement. Not only were federal agencies encouraged to use open source software, but the Federal Source Code Policy released in August 2016 made clear that agencies were now expected to contribute at least 20 percent of their custom-developed code to the public as open source.
“That was fundamentally transformational,” said Adam Clater, Chief Architect for North America Public Sector at Red Hat, a leading provider of open source solutions. Red Hat has been a key player in the government open source movement for years, with countless agencies relying on the company’s expertise and innovative solutions.
If you look at the overall growth and adoption of open source software, government has been contributing to these types of projects for decades, Clater said. But it took years to build up the credibility of open source.
Take the Linux operating system, for example. It was initially viewed as a small utility service that organizations eventually used for lower-risk projects, such as running Domain Name Servers, which store domain names and translate them into Internet Protocol addresses. Small wins for those projects promoted organizations to use open source for running web servers and application servers.
Today, open source is an integral part of IT operations at a growing number of government agencies — including military, civilian and state and local governments.
Clater noted several defining moments, particularly in industry, that contributed to increased open source adoption in government. One of those inflection points was when Red Hat announced it would build a Linux operating system for enterprise organizations. Soon after, Oracle and Red Hat joined forces to announce that the Oracle database would be certified to run on Red Hat Enterprise Linux.
“For the first time, agencies were not forced to buy proprietary hardware and systems to run Oracle databases,” Clater said.
Adoption has rapidly evolved since then. And today, military and civilian federal agencies, as well as state and local entities are also taking advantage of the benefits that open source has to offer. But these environments demand enterprise grade security and support, as well as expert training and consulting services to deliver on government missions.
For example, NASA’s Jet Propulsion Laboratory (JPL) built a private cloud based on Red Hat OpenStack Platform to process requests from flight projects and researchers working with mission data. The state of Tennessee chose a Red Hat open source solution to replace proprietary middleware software that hindered its ability to add functionality to its existing systems, develop new ones and scale to meet market demands.
For skeptics who are still concerned about the security of open source, Clater highlighted a 2014 Coverity analysis that found proprietary software had a higher defect density (.76) than open source software (.61). Defect density tracks the number of defects per 1,000 lines of software code.
Clater noted that a score of 1 is considered acceptable in the commercial world, and open source beat that score by almost half. Open source advocates are firm believers in the saying that “many eyes make all bugs shallow,” referring to the fact that there are greater opportunities to spot issues with the code because more people are looking at it.
In the end, the success of open source projects comes down to proper education and training about what the software has to offer. The abundance of success stories continues to dispel myths about the reliability and security of open source that have hindered government adoption in the past.
Plus, agencies have greater access to training to enhance their understanding and use of open source. Red Hat offers free, self-paced courses that students can audit or receive a verified certificate for a small fee. These types of partnerships are vital.
“Software inherently has sharp edges,” Clater said. “If agencies want to tap into the most thriving technology, they need a partner like Red Hat to help them in their quest to revolutionize their business.”