Use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, web servers, databases and programming languages.
- OSS isn't widely used in government programs;
- OSS isn't equivalent to commercial software;
- Government information assurance policies prohibit OSS;
- OSS is less secure than proprietary software; and
- It's easier to insert malicious code into OSS.
OSS Isn’t Widely Used in Government Programs
- Mozilla Firefox Browser and Thunderbird Email Client;
- Google Android Operating System for Mobile Devices;
- Apache Tomcat Web Server and Servlet Container;
- Linux Operating System;
- PostgreSQL Object Relational Database Management System (ORDBMS);
- Drupal Content Management System;
- WSO2 Enterprise Service Bus (ESB);
- Apache Hadoop Distributed Computing Framework; and
- NASA World Wind Geospatial Information System (GIS).
OSS Isn’t Equivalent to Commercial Software
(A) Any item, other than real property, that is of a type customarily used by the general public or by nongovernmental entities for purposes other than governmental purposes, and that -
(i) has been sold, leased, or licensed to the general public; or
(ii) has been offered for sale, lease, or license to the general public.
(B) Any item that evolved from an item described in subparagraph (A) through advances in technology or performance and that is not yet available in the commercial marketplace, but will be available in the commercial marketplace in time to satisfy the delivery requirements under a Federal Government solicitation.
(C) Any item that, but for -
(i) modifications of a type customarily available in the commercial marketplace, or
(ii) minor modifications made to meet Federal Government requirements, would satisfy the criteria in subparagraph (A) or (B).
Government Information Assurance Policies Prohibit OSS
Binary or machine executable public domain software products and other software products with limited or no warranty such as those commonly known as freeware or shareware are not used in DoD information systems unless they are necessary for mission accomplishment and there are no alternative IT solutions available.
Such products are assessed for information assurance impacts, and approved for use by the DAA. The assessment addresses the fact that such software products are difficult or impossible to review, repair, or extend, given that the Government does not have access to the original source code and there is no owner who could make such repairs on behalf of the Government. (Emphasis added.)
OSS Is Less Secure than Proprietary Software
It’s Easier to Insert Malicious Code into OSS
In summary, while the US government has, to date, not issued guidance requiring a preference for open source, it has clearly indicated that open source products are to be given at least as much preference as proprietary products. Additionally, open source products come with some significant intrinsic benefits with respect to security and information assurance. What this really means is that acquisitions managers have greater choice and an increased ability to make programmatic decisions that increase capability while lowering total cost of ownership. And that’s a recipe for success all around.