Comments on: Pentagon is preparing guidelines for open-source adoption

The US Department of Defense is about to make it much easier for its sub-agencies to buy into and contribute to open-source software projects.

[kit_plummer]

Matt,

The problem with the pending CIO memo is this blurb: "that releasing the code is in the government's interest". As an Open Source contributor under Federal contract, I can tell you that the problem isn't the government...it is the Federal contractors. Unless government provides some incentive for contractors to push Open solutions, there's no reason to expect anything to change. For example, my employer Accenture, is willing to let me commit to Open projects if I get approval from the customer (govt. or otherwise) AND sign-off from program leadership, legal, and a senior executive (which requires unreal overhead for which there's no justification).

A previous employer of mine, Raytheon, can't even grasp the issue. Not only is there suffering in the form of "not built here", but the lawyers can't even comprehend what is IP, let alone make some kind of contractual decision based on what Open means. Until the money sources provide "win-checks" for being Open...

The best interest of the government is defined by the top-5 contractors, and they surely can't rationalize sharing their efforts (even if it will benefit themselves later.) Open Technology Development, as defined by the DoD's channels is struggling to fix the perceptions of open standards - versus proprietary, vendor-locked solutions. So, while I think an updated "memo" will help create some conversation it is just that, a memo.

Kit
(Great blog BTW.)

[1974joel]

I have a high level meeting with OSD next week. If you could ask the DoD to change 3 things, what would those be? Email me at jjackson@redhat.com please.

[vanlindberg]

This is great - and the DoD *is* doing more to support open source. On the government level, the problem in many cases is not the DoD, it is the state department and export regulations. This is a thorny issue that most people haven't looked at.

That aside from any issues from contractors, as discussed by the previous commenter.

[PVescuso]

Black Duck Software sees the efforts the government is making to provide clear cut OSS adoption policies as a step in the right direction, but as your readers point out, policies aren?t enough. We believe the incentives to use open source as an alternative are the benefits (choice, access to source code, flexibility, etc.) and cost-savings that can be gained. As you point out in your blog, government agencies have long been proponents of OSS use, and in some cases, have been first adopters. What is new, and necessary, are the guidelines. We believe that clear cut guidelines coupled with a comprehensive solution for managing open source use, vulnerabilities, and license obligations, are key to following best practice guidelines for its inclusion.

Today?s hybrid software development processes, where OSS is integrated with proprietary and other code, introduces new challenges to government organizations looking to maximize the value of open source in their confidential and mission critical software assets. ?Copy and paste? code use will exist and continue as long as developers are connected to the Internet. Empowering developers with the tools necessary to detect and mitigate open source license concerns and vulnerabilities, enables them to do their jobs while better protecting the interests of their organizations.

--Peter Vescuso, Black Duck Software