IT Units Encouraged To Adopt Open-Source Risk-Management Program

The Government Open Code Collaborative this week plans to issue a white paper encouraging IT departments to adopt a risk-management program around open source. The collaborative, launched in late June by five states, two municipalities, the School of Government at the University of North Carolina at Chapel Hill, and the Albany County (N.Y.) Airport Authority, offers government agencies a repository that includes both proprietary and open-source applications. But it's the open-source piece that's of greatest concern to most entities, public and private.

The repository, which includes proprietary and open-source software, provides state and local IT organizations with building blocks for the types of applications they all use. Everybody in government essentially needs to perform the same basic functions, whether it's fiscal management, human resources, or payment processing, says Massachusetts CIO Peter Quinn, also the chairman of the collaborative. "We all go out and spend hundreds of million of dollars on applications to do that," he says. "Why is it that we're going out there and inventing the wheel?"

Instead, member states such as Massachusetts and Rhode Island, as well as Massachusetts municipalities Gloucester and Worcester, decided to contribute their knowledge and experience in the form of applications to a repository hosted at the University of Rhode Island. Members can use and contribute code as long as they sign an agreement stating that they won't resell the repository's code for profit. Public entities that don't sign this agreement may use code contained in the collaborative but are unable to contribute code or have a say in the collaborative's direction.

The repository includes a MySQL database, Z Object Publishing Environment application server, Apache Web server, OpenLDAP authentication service for storing membership data, and Debian Linux operating system running on an Intel-based rack-mounted server. Yet the General Public License used to license most of these open-source applications hasn't been proven to withstand legal challenges the way other software licenses have, Quinn says.

Most state and local governments Quinn has approached about the collaborative understand its basic premise. "Their biggest qualm is the legal issue," Quinn says.The collaborative encourages use of any combination of open-source and proprietary software from its repository. Public entities that download proprietary software from the repository must license that software under the developer's terms. Says Quinn, "We're trying to create a continuing, ever-widening circle of innovation and collaboration not just predicated on open source."