Why DOD Should Look Before Leaping into Open Source

In February 2018, the Department of Defense (DOD) Defense Digital Service (DDS) relaunched Code.mil to expand the use of open source code. In short, Code.mil aims to enable the migration of some of the department’s custom-developed code into a central repository for other agency developers to reduce work redundancy and save costs in software development. This move to open source makes sense considering that much of the innovation and technological advancements we are seeing are happening in the open source space.

Since its launch, Code.mil has, according to the DDS, helped spur many open source-enabled projects, including the creation of eMCM last March—an easily accessible web-based version of the Manual for Courts-Martial (MCM) that outlines the official conduct guide to the courts-martial in the U.S. military. Before the digital relaunch of MCM, the process for updating the Manual for Courts-Martial was tedious and involved approvals from a handful of government offices, resulting in delayed and outdated releases of guidance that occurred only once every several years. In its open version, the MCM is periodically updated allowing for a live version to be widely accessible across the U.S. military.

Not All Open Source Solutions Are Created Equal

While projects such as the eMCM demonstrate the advantages of openness and collaboration, it’s vital that government IT decision makers understand some of key differentiators—and potential risks—of free and open source software (FOSS).

First, it’s important to distinguish that not all open source is created equal. There is a big difference between FOSS and enterprise open source. Essentially, the former is a community project-approach to software development that lacks a support model, formal testing and interoperability processes, or the certification that government users expect. Enterprise-supported open source, on the other hand, provides testing, certification and security that allows the government to take advantage of openness without the risks.

Second, exclusively using FOSS forces the government to be the maintainer of the code base for their system and, as a result, additional responsibilities fall on the shoulders of the government agency. In most cases, the cost—including the risk of FOSS use—far outweighs the benefit.

Lastly, FOSS are projects with no formal release process and life cycle support path. Because of this, the use of FOSS often requires modification of the code to meet customer specific needs when issues arise. In guidance released in 2011, the DOD CIO Open Technology Development office specifically advised against this, stating it is “important to remain synchronized with latest formal releases of the selected projects for system reliability, technological relevance and obtaining the maximum benefit of an [open technology development] approach.”

The Path Forward for the DOD

According to DDS: “Modern software is open sourced software.” I couldn’t agree more. The rapid pace of innovation combined with shifting agency priorities and fluctuating budgets requires a nimbleness that isn’t possible with traditional approaches to IT. The vast open source community offers incredible opportunities to better achieve agency missions—from protecting soldiers to increasing combat vehicle efficiencies—that a closed and proprietary development process can’t provide.   

The time is now for government leaders to leap into open source, but they need to be cautious in their approach and definition. Just because technology is marketed as open source does not necessarily mean it is enterprise appropriate and ready.

Shaun Bierweiler is vice president, U.S. public sector, Hortonworks.