IT Units Encouraged To Adopt Open-Source Risk-Management Program
A government cooperative, the Government Open Code Collaborative, offers agencies a repository that includes proprietary and open-source apps. But it's the open-source piece that's of greatest concern to public and private entities.
The Government Open Code Collaborative this week plans to issue a white paper encouraging IT departments to adopt a risk-management program around open source. The collaborative, launched in late June, offers government agencies a repository that includes both proprietary and open-source applications. But it's the open-source piece that's of greatest concern to most entities, public and private.
The repository, which includes proprietary and open-source software, provides state and local IT organizations with building blocks for the types of applications they all use. Everybody in government essentially needs to perform the same basic functions, whether it's fiscal management, human resources, or payment processing, says Massachusetts CIO Peter Quinn, also the chairman of the collaborative. "We all go out and spend hundreds of millions of dollars on applications to do that," he says. "Why is it that we're going out there and inventing the wheel?"
In addition to Massachusetts, collaborative members who've signed operating agreements and can upload code to the repository include the Texas Department of Information Resources, Utah Information Technology Services, the West Virginia Auditor's Office, the Wisconsin Department of Administration, Massachusetts cities Gloucester and Worcester, the School of Government at the University of North Carolina at Chapel Hill, the Albany County (N.Y.) Airport Authority, and the city of Newport News, Va., which just signed and submitted paperwork this week. Other members who've agreed to participate in the collaborative but not signed operating agreements are the Rhode Island Secretary of State's Office, the Pennsylvania Information Technology Office, the Kansas Secretary of State and Treasurer offices, and the Missouri Secretary of State Office.
Instead, member states such as Massachusetts and Rhode Island, as well as Massachusetts municipalities Gloucester and Worcester, decided to contribute their knowledge and experience in the form of applications to a repository hosted at the University of Rhode Island. Members can use and contribute code as long as they sign an agreement stating that they won't resell the repository's code for profit. Public entities that don't sign this agreement may use code contained in the collaborative but are unable to contribute code or have a say in the collaborative's direction.
The repository includes a MySQL database, Z Object Publishing Environment application server, Apache Web server, OpenLDAP authentication service for storing membership data, and Debian Linux operating system running on an Intel-based rack-mounted server. Yet the General Public License used to license most of these open-source applications hasn't been proven to withstand legal challenges the way other software licenses have, Quinn says.
Most state and local governments Quinn has approached about the collaborative understand its basic premise. "Their biggest qualm is the legal issue," Quinn says.
The collaborative encourages use of any combination of open-source and proprietary software from its repository. Public entities that download proprietary software from the repository must license that software under the developer's terms. Says Quinn, "We're trying to create a continuing, ever-widening circle of innovation and collaboration not just predicated on open source."
The collaborative's communal model shouldn't scare anyone already familiar with open source, says Tony Stanco, associate director of George Washington University's Cyber Security Policy and Research Institute and director of the Center for Open Source and Government, a Washington, D.C.-based open-source advocacy group. "Following licenses is easier for open-source applications than it is for proprietary applications because proprietary licenses can change from version to version," he says. Many open-source applications are governed by the General Public License, which permits free use and copying of software.
The communal approach to application development will ultimately lower costs and create greater interoperability between systems, Stanco says.
It's too early to tell how the collaborative will play, and the collaborative's organizers have to properly manage any issues that could arise surrounding intellectual property, says Thom Rubel, Meta Group's VP of government strategies. "But this group takes the concept of sharing of best practices and takes it a step forward to help save money," he says. "This leveraging of resources will be beneficial in the long run."