Defense procurement ill-suited for open source

In order to fully take advantage of open-source software, Defense Department agencies may need to rethink how they do procurement, said Fritz Schulz, who works in the chief technology office of the Defense Information Systems Agency.

"The procurement process itself needs to be modified," he said at the annual Red Hat Users and Developers Conference, held last week in Washington. "There are a couple of aspects that relate to the nuts and bolts of acquisition that need to be addressed. Those things are just coming into focus now."

Although current policies adequately accommodate open-source acquisition, the requirements analysis that defense agencies undertake to get new software should be executed differently, "to allow for proper consideration of open source," he said.

"There are a lot of hidden assumptions" in how software is now procured, he said. While most commercial software is obtained through licenses, open-source software would be better suited to a support-based contract, since the software is free, at least in the uncompiled and unconfigured form.

As a result, the requirements analysis should look more at the issue of trust as the crucial component in the procurement. In other words, can the software be trusted to work as it is supposed to do? When bugs are encountered, will they be promptly fixed?

"The vendor value-add is not intellectual property. It is trust," Schulz said.

The extra effort could be worth the work, however. Schulz noted that the ability to access the source code of the programs being used would allow the agency to shorten the time it would take to make crucial changes to the code in response to emerging threats and changing conditions.

"We can write some code tonight that allows us to put on the boxes tomorrow," he said. "Open source really helps us with this."

Last year, the Deputy Undersecretary of Defense's Advanced Systems and Concepts office surveyed DOD shops to find out how much open-source software it was using. It found more open-source software use than was expected.

This study, and its recommendations, "is where we're moving out from," Schulz said.

A more recent study conducted by the federal Open Source Alliance also confirmed these findings. It found that 55 percent of federal information technology leaders it surveyed, including DOD agencies, have been or are involved in open-source implementations.

Schulz stressed that DISA is not "pro-open source. We're advocates for the tool that best fits the need for us. We're still looking on where it's appropriate to use open source and where it's appropriate to use commercial activity."

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

