Note to Governments: Choose Open Source on Merit

Open Source Hypercharges Software Market Competition

Open source software (OSS) has undoubtedly injected competition and innovation to the industry at large and is no longer the sole domain of a small sect of iconoclastic programmers. Open source products such as Linux, Apache Web Server, MySQL, and Perl have found great favor with many IT directors. For example, eCommerce stalwart Amazon recently migrated 92% of its servers to Intel-based servers running Linux, replacing approximately 2,000 Sun machines.1 Private-sector customers are offered newfound choice among proprietary and open source products and are allowed to pick from diverse market offerings to meet their equally diverse needs. Governments in all parts of the world are hoping to mimic this success.

But Proprietary Software is Still Part of the Market

Just as the private software market is evolving in this environment of healthy competition, governments across the globe, including the US, are considering policies locking all proprietary software firms out of the procurement process from the outset.2 Bad idea. Why? First, although OSS has proven its value, it is certainly no cure-all for the chronic issues of cost, interoperability, and smart deployment, especially in government applications. Secondly, government purchase and deployment of software should be driven by a head-to-head competitive comparison of the features of both proprietary and OSS products, not by preferences. Even an executive at unabashed Linux booster IBM questioned the validity of preferences at a recent summit examining at the topic.3 He referred to the open source movement in the UK, where sensible efforts have been made to remove impediments to government use of OSS, but that codified preferences or mandates for the use of open source aren’t workable. After all, innovation is the child of competition and an oft-cited benefit of the open source model and its effect on the industry. Wholly precluding one sector of an industry, in this case proprietary software firms, runs counter to this spirit of innovation and competition.

Pervasive Myths Cloud the Issue

In certain instances, OSS may not be the cost-saving and features panacea some have argued. Here are 8 myths behind the movement for open source procurement mandates:

Myth #1: OSS is inherently more secure and private than the proprietary variety.

Reality: Both hackers and experts have challenged the notion of automatic open source security.

Academics and security experts aren’t sold on the idea that open source has any innate security advantages. In a recent interview, one expert noted that while the Linux kernel is solid and tightly controlled by experts, the numerous add-ons and other iterations and modifications actually undermine security.4 In sum, there may be more eyes reviewing and reworking code, but these eyes could just as easily be improperly trained novices as security experts who know how to correct security bugs without creating new vulnerabilities. Another academic argues that testing by a random community of programmers is ineffective as it is tedious, programmers will only fix bugs that annoy them, and their vigilance and effort is unlikely to match that put forth by someone with nefarious intent.5 Proprietary software firms’ security snafus are well publicized and Microsoft is even more of a routine target due to its ubiquity on personal computers. As Linux increases its share of corporate servers, it and other open applications will become attractive targets of Net ne’er-do-wells hoping to one-up each in hackerdom circles. For example, the Slapper worm infected over 20,000 Linux Web servers in October 2002 6 while security advisories from CERT for the first 10 months of 2002 show that open source and Linux software are now “the major source of elevated security vulnerabilities for IT buyers.”7 Lastly, security is the bedrock of any commitment to privacy in data management. If the underlying security is suspect, than invariably the integrity and confidentiality of government data is not necessarily made better by open source software.

Myth #2: Firms choose OSS because it is inherently better and cheaper than proprietary software.

Reality: Savings comes from the hardware, not software.

The leader of Amazon’s Linux program notes, “When calculating the economics, most people focus on free licenses, saving about $500 per box. This is trivial compared to the savings from Linux versus Unix servers.” 8 This illustrates that a major force behind Linux is that it saves millions in hardware costs by allowing businesses to migrate their existing Unix applications to less-expensive Intel-based computers and mitigating the costs associated with retraining programmers. In addition, E*Trade Financial Group slashed it’s tech budget from $300 million in 2000 to $200 million in 2002 partly by replacing 60 Sun machines with 80 Intel-based servers running Linux.9 And businesses that switch from Unix to Linux can save big on server hardware and still run their proprietary server database, CRM, ERP, and eCommerce applications. Thus far, the savings realized with Linux have little to do with open source, and everything to do with the hardware platform. That’s the same economics that drove so many IT shops to choose Windows NT instead of Unix, and Linux just adds Unix compatibility to the bargain.

Myth #3: Open source success in operating systems will be repeated in applications, too.

Reality: The economics of open source aren’t as compelling for significant server applications.

Who, we wonder, will invest millions to create open source versions of specialized server applications? Moreover, we question why IT directors would risk their businesses on potentially untested open source versions when a robust selection of proprietary server solutions is already there, and as noted above, Linux already enables hardware savings without having to switch to open source applications.

Myth #4: OSS is a guaranteed money-saver.

Reality: Savings on license fees are a small part of the total cost of ownership.

IT directors recognize that software resellers and integrators already compete on basis of life-cycle costs. In fact, it was shown in a recent study that Windows 2000 offers lower total cost than a Linux solution in four of the five workloads common to most corporate IT environments (networking, file, print and security). In these four workloads the cost advantages of Windows are significant -11-22% over a 5-year period.10 Since license fees are relatively low, proprietary and open source are roughly comparable on life-cycle costs, especially considering some hidden costs of free software, like programmer transition, data conversion, and user training. Never mind other potential end user issues such as the lack of device drivers for specialized hardware, and personal productivity losses when an open source product lacks a seldom-used but helpful feature.

Myth #5: OSS offers comparable support.

Reality: For a fee, yes.

The single biggest challenge in eGovernment lies in deploying solutions that can work among and between siloed departments or agencies.11 Linking of legacy back-end systems in the government is a veritable minefield when deploying any software, proprietary or not. To avoid these inevitable pitfalls, reliable support for government customers proves critical. Vendors like IBM and Red Hat are banking that they can cash-in by offering consulting and support services to clients that choose Linux, and governments are among their target customers. If governments are seeking to truly minimize costs by shutting out proprietary vendors or going it alone with open source, they must accept the possibility of little or no support and perpetual upkeep of the product.

Myth #6: OSS will help developing nations.

Reality: Open source mandates are not a ticket to the First World

Conventional wisdom holds that the open source model will have two principal benefits for developing nations: 1) lower procurement costs; and 2) stimulating a domestic software economy. But open source applications customized for a given government are highly specialized, have little or no export value, and must be perennially supported by governments themselves, not the software provider. As a result, governments could very well find themselves trapped in an in-house maintenance web, all the while penalizing domestic proprietary firms, and relying almost entirely on the perceived long term benefits of forcibly seeding an open source community at home.

Myth #7: The use of proprietary standards will forever shut OSS out of the government market.

Reality: Proprietary firms are embracing more than proprietary standards.

Free from government mandate, the US software industry as a whole is evolving into an open standardsbased industry. Why? Corporate customers are demanding it and, much like government clients, are seeking to more easily share data across applications via standard protocols and file formats. Even Microsoft will be opening up its $9 billion Office franchise with the XML-based Office 11 in 2003 with the hope of meeting these customer demands for open-standard file formats. So much so, they hope this new approach will help to grow the Office business to $20 billion by 2010.12

Myth #8: Compatibility is better with OSS.

Reality: Operating systems to applications — apples to oranges

Although IBM makes a strong case that Linux aids enterprise-wide compatibility by linking disparate hardware with a single OS, it’s another story with applications. Imagine multiple copies of slightly but critically different software running across government purchasing departments, all trying to exchange files and data both inter- and intra- governmentally. This presents a nightmare for file and data sharing, especially between governments that deal in specialized and sensitive data. Governments that modify the source code to match these specialized needs should realize they will have to support it, and support it themselves, indefinitely.

Conclusion

The task of government administration and citizen service is complex, specialized, and massive. As such, in order not to waste millions of dollars pursuing increased efficiency and effectiveness leveraging technology, governments must cast a critical eye when considering any software purchase and deployment, proprietary or otherwise. Governments are better served by encouraging proprietary and open source firms to compete on service, price, and product to yield the best of all three. Mandating the use of only open source products will limit choice, harm native software firms, and may not be the big money-saver governments are looking for.

About the Authors:

Michael J. Tavilla is Research Director at the Association for Competitive Technology (ACT), a Washington-based, national education and advocacy group for the technology industry. Representing mostly small- and mid-sized companies, ACT is the industry’s strongest voice when it comes to preserving competition and innovation in the high-tech sector. Prior to joining ACT, Michael was the Senior Research Associate on the Internet Policy & Regulation Research Team at Forrester Research in Cambridge, Massachusetts. Michael earned his BA in Political Science from The George Washington University.

Steve DelBianco is Vice President for Public Policy at the Association for Competitive Technology (ACT). He also serves as Executive Director of NetChoice, a coalition of eCommerce businesses and IT trade associations promoting commerce, convenience, and choice on the Net. Prior to joining ACT, Steve was founder and president of a software consulting firm that grew to several U.S. locations before being acquired by a public company. Steve earned his MBA at the Wharton School and holds both Engineering and Economics degrees from the University of Pennsylvania.

Endnotes

1 “Servers With a Smile,” Fortune Magazine, September 30, 2002, p. 195.

2 70 nations are considering adopting procurement preferences, removing all proprietary software firms from the

bidding process. Legislation has been proposed in nations including Peru, Brazil, and Mexico. In the United States,

California is considering the Digital Software Security Act (DSSA) that would require government entities buy only

software whose code is open and available.

3 Tim Sheehy, Director of Electronic Commerce Policy, Corporate Public Affairs, IBM at the Georgetown

University Open Source Summit: Public Interest & Policy Issues, October 2002, Washington, DC.

4 Dr. Gene Spafford, Director of the Center for Education and Research in Information Assurance and Security,

Purdue University. Interview October 2002, http://www.esecurityplannet.com.

5 Anderson, Ross, “Security in Open versus Closed Systems – The Dance of Boltzmann, Coase, and Moore,

Cambridge University, p. 5. Submitted at the GREMAQ Workshop On The Economics of Internet and Innovation,

Toulouse, France, June 2002.

6 “Virus writers get Slapper happy,” CNET News, October 4, 2002.

7 The Computer Emergency Report Team (CERT) at the Carnegie-Mellon University. A CERT report released in

the fall of 2002 claims that security alerts for open source and Linux software accounted for 16 out of the 29

advisories published during the first 10 months of 2002. During those same 10 months, only seven security problems

were documented in Microsoft products.

8 Joe Barker, Senior Systems Engineer and leader of Amazon.com’s Linux Program, quoted in “Amazon.com

Migration From Unix To Red Hat Linux,” IDC, March 2002.

9 “Servers With a Smile,” Fortune Magazine, September 30, 2002, p. 202.

10 IDC, “Windows 2000 Versus Linux in Enterprise Computing.”

11 The August 2000 Forrester Report “Sizing US eGovernment.” Based on interviews with 45 federal, state, and

local CIOs.

12 The October 22, 2002 Forrester Brief, “Microsoft Introduces the Live Document”

8 “Virus writers get Slapper happy,” CNET News, October 4, 2002.

9 Dr. Gene Spafford, Director of the Center for Education and Research in Information Assurance and Security,