Internaut: Open-source isn't always best

Shawn P. McCarthy

Half-truths are flying about open-source versus licensed software, and the debate will ratchet up another notch in coming months.

Some powerful players are determined to convince government policy-makers that there's a security risk in using open-source Web server, database and application software.

Meanwhile, open-source advocates are pressing hard, in these tough economic times, to spread the word that their code is cheap, easy to implement and customize, and, yes, even has its own security advantages.

Here are some of the players:
  • The Initiative for Software Choice, at, promotes 'neutral government procurement, standards and public R&D policies for software.' That sounds noble, but bear in mind that it's backed by Microsoft Corp., Intel Corp. and other groups plugged into the Windows platform.

  • The Open Group, at incorporates two older groups, the Open Software Foundation and X/Open. It maintains the open standard for Unix and for Structured Query Language databases, and it has an interest in keeping those standards alive.

  • Ralph Nader's Consumer Project on Technology, at, is a big advocate of open-source. It will likely target Karen Evans, the Office of Management and Budget's new e-government and IT administrator, with its argument that Microsoft applications should be required to save documents in an open format for easier data sharing among agencies.

But things aren't as simple as these groups contend. Open-source advocates last year introduced a proposal in California, which the Legislature never formally considered, to prohibit buying from software companies that don't open up their source code and licensing policies. That bill was specifically aimed at Microsoft and raised tensions between the two sides.

Those who oppose open-source often claim the software is touched by so many people that security holes could be slipped in.

Meanwhile, no less than the president of India, A.P.J. Abdul Kalam, has said his country favors open-source because 'we can easily introduce user-built security algorithms.'

Short answer: Both sides are right about some things and dead wrong about others.

Open-source might raise the possibility of security holes, but it has more flexibility for improvements and custom security solutions. Open-source is cheaper up front.

Proprietary solutions do some things better and often require less installation hand-holding.

But legacy systems play such an important role in each IT office's decisions that government policy can never take them all into account. Agency IT shops must make their own decisions about what is best for them. Calls for broad, governmentwide policies that favor one side or the other are ill-advised.

Keep that in mind when you hear all the shouting, and make sure your decision-makers are informed.

Shawn P. McCarthy is president of an information services development company. E-mail him at

About the Author

Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.