12 March 2018

Disruptive by Design: Invigorating Government Open Source Contributions

By Lt. Cmdr. Jonathan White

The U.S. government is likely the largest combined producer and consumer of software in the world. The code to build that software is volatile, expensive and oftentimes completely hidden from view. Most people only see the end result: the compiled and packaged application or website. However, a massive worldwide community, the Open Source Initiative, centers on the exact opposite. Open source enables a development method for software that harnesses the power of distributed peer review and transparency of process. Although open source technology is not new, its effects can still be disruptive in many ways. The government has only recently been serious about contributing to this initiative, a nonprofit formed in 1998 as an educational, advocacy and stewardship organization. The Department of Defense has traditionally treated the majority of source code as sensitive, nonexportable information. This attitude has placed most open projects behind heavy use restrictions and government-access-only barriers.

The Defense Department defines open source as “software for which the human-readable source code is available for use, study, reuse, modification, enhancement and redistribution by the users of that software.” People use open source software in every aspect of their daily lives, from web browsers to mobile phones. It powers data centers, national defense systems and space missions. Open software is pervasive, and the modern world would not be possible without it. Passionate freelance developers, Fortune 500 companies and Silicon Valley startups collectively contribute millions of hours of work every year to maintain this vital code network.

The government has two major initiatives to facilitate contributions to the open source community: code.gov and code.mil. The .gov variant was launched in November 2016 and contains thousands of named projects that span every branch of the government, including NASA, the General Services Administration, the Department of Energy, and the Department of Housing and Urban Development. Sadly, a large majority of the projects are restricted to government use and distribution. The .mil variant launched a year ago and is seeking contributions from across the defense community. This new initiative differs significantly from prior attempts at opening up Defense Department software, such as forge.mil, by aiming to be completely open and free to the public. Both the .mil and .gov initiatives extensively use the GitHub hosting platform, one of the world’s top source code repository and issue tracking systems.

With a thriving community, a supportive government and a wealth of software, how can you help contribute to this effort? Government software project managers should evaluate whether they can share developed code with the public. If your project leverages or extends open source software, then consider giving back any changes you make, especially if they improve security. Giving back ensures that future updates can be applied seamlessly, and everyone benefits. Other individuals can promote the use of open software throughout the government. The Defense Department defines open source software as a commercial product, and adding it as a part of your market research is a key first step and can lead to significant cost savings.

There are inherent risks when using or contributing to open source projects. These risks revolve around three main areas: security, licensing and activity. Security is a huge concern for the government, especially when previously closed source code goes public and possibly exposes vulnerabilities.

A trusted repository owner who controls the code base typically scrutinizes contributions to projects. Determining who that owner is and whether he or she can be trusted is often difficult and can undermine an otherwise useful product.

Licensing is also a huge challenge, with improper, missing or incompatible licensing causing significant integration and legal problems down the road. A legal review is recommended to determine whether a given license is really an open source software license. Finally, contribution activity is a problem unique to the open source world because most projects rely on volunteer efforts. A project’s activity determines how fast security patches and features are released once a problem is reported.

Contributing to the open source community is fulfilling and beneficial to society at large. The government is distinctly positioned to drive innovation and share the work funded by the public. This was onerous and costly just five years ago, but with the rise of simple sharing platforms such as GitHub, the barriers are far lower. Although there are challenges and risks, with proper management, the rewards of open source will compound as entrepreneurs and hobbyists around the world build new technologies off of today’s contributions.
