Open Source and Open Standards key to future of public sector IT

Posted on April 25, 2013 by Scott Wilson

Last week Open Source, Open Standards 2013 took place in London, an event focussed on the public sector. Naturally these being two topics we’re very keen on here at OSS Watch I went along too.

Overall the key message to take away from the event was just how central to public sector IT strategy these two themes have become, and also how policy is being rapidly turned into practice, everywhere from the NHS to local government.

Tariq Rashid, the Open Source policy lead for the UK Government, spoke of the need for IT to be focussed on user needs, and to deliver sustained value, by moving from “special” software procured for the public sector, to services delivered using commodified IT.

Even where services are unique to the public sector, Rashid and other speakers at the event made the case that most elements of such services can be delivered by building on commodified IT. For example, the open source CMS Drupal is used for delivering increasing numbers of public sector IT services, and the Government Digital Service builds its services from open source components.

The two strategies of Open Source and Open Standards are necessary as they create the ‘competitive tension’ needed to drive down cost and improve sustainability.

Mark Bohannon of Red Hat gave an overview of the global landscape of Open Source in government, in the US and UK, and identified the UK policies as being particularly forward looking. Mark positioned Cloud and Big Data as two key areas where Open Source and Open Standards were critical, calling out OpenStack and Hadoop as particular cases, and also provided some great case studies on open source from the military and from space exploration.

Mark made the point that Open Source and Open Standards underpin a more fundamental change in IT, away from big IT projects towards IT that is agile, modular and responsive to user needs.

Ian Levy of CESG dispelled some myths around security and Open Source (“If anyone in UK government says CESG has banned open source send their name to me and I’ll have them killed”) and made the case for a common sense approach to security, whether the software or service is open source or closed source.

Mark Taylor from Sirius has long been an advocate for open source in the public sector, and it was good to be at a point where the message has been heeded! He began with a nice Schopenhauer quote:

All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident.

In the talk he provided lots of practical advice for public sector organisations on putting Open Source into practice, which include calling on those writing tenders to focus on user needs instead of naming technology solutions. Mark also gave a workshop later in the day where he continued this theme, expanding on how public sector organisations and companies had made transitions to open source. Its not very easy to summarise here in a post, but I found the information very practical and useful; for example, when transitioning IT, to start with the systems furthest away from users, such as backend services and infrastructure, to avoid sparking the usual neophobia when you change technologies for users.

Inderjit Singh gave an overview of the NHS standards-based approach to IT, with some nice background on which approaches had been tried and where the current strategy is going. The current approach has been to use a programme of change projects involving SMEs that have engaged 40 new suppliers, and which is accelerating the take up of the standards.

Singh asserted that standards and fundamental for enabling an open architecture, and that open source and open standards go hand in hand in delivering value for users.

After some workshop sessions, we had Alasdair Mangham from the London borough of Camden giving us a look into how they’ve been building services using open source software in collaboration with SMEs. This involved a major shift in contracting – rather than write an huge set of requirements in a tender document, they disaggregated the project and bought in specialist capabilities (in usability, service design, SOA etc) as needed in smaller chunks of time using an agile process.

Graham Mellin gave an overview of the Met Office’s new space weather system built using open standards and using open source software; for their own specialist systems they decided to go down the route of making it Open Source rather than the private partner sharing route as result of an exploitation planning process.

I met with a lot of people at the event, from suppliers, local government, NHS and national government departments, and it was good to get a sense of how the public sector is moving – whatever the pace in individual areas – towards this vision of more affordable, sustainable and user focussed IT, and better utilising the capabilities of UK SMEs and startups.

We pointed out recently in our post in the Guardian, Higher Education in particular is in a strong position in this area as a result of past investments in Open Source and Open Standards, and we now need to think about how we take that forwards.

As Mark Taylor pointed out in his talk, the public sector accounts for over half of IT spend in the UK – and we can choose to either unite and use that market power to shape the future, or be divided up and conquered.

Open Source meets Open Standards

Posted on March 21, 2013 by Scott Wilson

OSS Watch Briefing Paper: Open Standards and Open Source

Open source software and open standards are two of the key interventions in technology policy, whether that policy is made by governments, public sector organisations, or companies.

Open standards can ensure interoperability and assist portability, allowing the switching of solutions and avoiding vendor lock-in. Standards can also help to create new markets, and can also encourage innovation within markets by imposing useful constraints.

Open source software offers benefits of greater flexibility and the potential for reduced development costs and better software quality through collaboration and reuse.

Together, open source and open standards provide the basis for solutions that offer interoperability, cost reduction, and flexibility; no wonder they are seen as such a powerful tool for technology policy!

However, whats often less clear is how the two interact in practice. There is, for example, a fairly widely-held view that open source software is somehow inherently more likely to support open standards. However, in practice this is not necessarily the case, and there are a number of barriers that can actually make it less likely for open source projects to implement standards than their closed-source counterparts.

Open source and open standards should complement one another - but can also counteract each others benefits if policies are developed without paying attention to the way they interact

For example, implementation of a standard requires access to documentation; in many cases this involves payment for access, or paid membership of a consortium – something that open source projects may have difficulty with unless a benefactor or sponsor does this on their behalf. Also, if a project wishes to publicly claim that it implements a standard, this may involve a formal conformance process requiring paying fees for testing and accreditation.

So for policy makers and CIOs, the selection of standards, and the standards setting organisations they originate from, can have a significant impact on the availability of open source solutions to meet their requirements.

Mandating standards that involve patent licensing fees, mandatory expensive conformance testing and assurance, and restricted access to documentation will exclude many potential solutions and providers. This will have the impact of increasing costs, and potentially eliminating the benefits of standardisation altogether if organisations have little practical prospect of switching suppliers.

Conversely, if standards are selected that provide a low barrier to entry to open source then this can be good not just for individual solution procurement, but for interoperability as a whole.Unlike closed-source solutions, with open source it is possible to inspect the implementation of standards and to conduct independent interoperability and conformance testing rather than rely principally on vendor claims. The presence of open source implementations can also influence uptake of a standard; either by making open source libraries available for use within other products, or by providing a good target for interoperability testing for other entrants.

Open source and open standards are key components in technology policy; but its important to know how they can work together – and potentially work against each other.

A new OSS Watch briefing paper provides an overview of the main issues facing implementation of standards for open source projects and developers; for more information see Open Standards and Open Source.

UK Government mandates preferential selection of open source

Posted on March 19, 2013 by Scott Wilson

While the UK government has for some time now been taking measures to level the playing field for open source software in the public sector, for example by pointing out open source options for proprietary systems, the new Government Service Design Manual goes one step further – mandating a preference for open source for government digital services.

An article in Computer Weekly pulls out some of the key paragraphs of the manual, which state that open source should be preferred “in particular for operating systems, networking software, web servers, databases and programming languages” and that proprietary products should only be used in some specific cases – and in those cases to use open standards to avoid lock-in.

A recent article on the new DCMS intranet service exemplifies the new approach to government web services, with the WordPress-based system costing 90% less than the one it replaces.

(Note that the Design Manual applies to creating government digital services, rather than for procuring software in general.)

OSS Watch releases Open Source Options for Education

Posted on January 17, 2013 by Mark Johnson

We’ve written several times recently about the UK Cabinet Office’s Open Source Procurement Toolkit, and the Open Source Options document that forms part of it.

The original document lists open source alternatives for common proprietary solutions that might be used in government and public sector organisations. The types of software solutions listed are mostly generic packages such as operating systems and office productivity suites that would be of use to most organisations. While it contains some software for specialist areas, the document is designed to be broad so doesn’t go into the detailed needs of each area.

With OSS Watch’s focus on open source within education, we’ve produced a document entitled Open Source Options for Education to complement the cabinet office’s which focuses solely on open source alternatives to proprietary solutions used in educational establishments.

Working with the educational community and with the communities around many of the featured projects, we have compiled a list covering various areas of administration and content production that are specific to education, as well as tools that may be used for teaching specific subjects. Where possible, we’ve included real-world examples of their usage.

As the document has the same goals as the cabinet office’s, the guidance we wrote on making use of theirs applies here too.

While some of the tools we’ve included may be generic packages that are included as such in the cabinet office’s document, we’ve looked at them specifically in the context of their application to an educational situation, such as using an office package to author e-books.

OSS Watch would like to thank all of those who contributed to this first version of this document. If you feel that you have a contribution to add, be it an open source alternative to a common piece of proprietary educational software, or an example of one of those pieces of software listed being used in an educational context, you can add your contribution on the publicly editable version of the document, or get in touch with us directly.

O̶p̶e̶n̶ ̶S̶o̶u̶r̶c̶e̶ Software Policies

Posted on November 30, 2012 by Mark Johnson

If you make decisions regarding software procurement in your institution or business, I’d highly recommend you read this article from Opensource.com. In it, Gunnar Hellekson of Red Hat shows that an “open source software policy” can be easily re-written to apply to all software, in a lot of cases by simple removing the phrase “open source”.

There’s always been a lot of FUD surrounding open source software, often produced by the marketing teams of its competitors. Taking the USA’s IRS open source policy as an example, Hellekson, rather than trying to debunk or gloss over the potential risks associated with adopting open source, shows that these risks apply to proprietary software in exactly the same way.

I’ll just take one of his examples from the document mentioned above:

Open source software, while it can be useful in many instances and appear to be cost effective, may present a security risk because open source developers don’t typically follow security best practices when developing their software.

It’s laughable to think that this should be exclusive to open source software. Assuming that it’s true the open source developers don’t typically follow the best security practices (Hellekson argues it’s not, as would I), the licence applied to a piece of software make no difference to the security practice of its developers.

If your developer isn’t security conscious, the fact that no-one outside the company can read the source code isn’t going to change that. When procuring any software, you should always be prepared to mitigate the risk that the software’s not secure.

I was going to finish this post by giving the UK Government’s open source guidelines the same treatment that Hellekson gave to the IRS’s, but it would be unwarranted. Reading though the guidelines, they serve to educate the reader that open source and proprietary software should be treated as one and the same when assessing systems. A flaky open source system shouldn’t be chosen over a robust and secure proprietary system, nor should a robust and secure proprietary system be chosen over a robust and secure open source system purely on the basis of the licence.

While it’s easy to see that the proprietary or open source licence applied to a solution shouldn’t affect whether or not you choose it, at OSS Watch we know it can be hard to assess open source solutions on a level playing field with proprietary ones. Proprietary software is often presented as a single package for you to assess, while an open source solution may consist of several parts from different commercial and community sources. If you’d like help assessing software solutions in an unbiased way, send us an email to info@oss-watch.ac.uk.

New Briefing Paper: “Open Source Options: Making Use Of The Cabinet Office Guidance On Open Source Software”

Posted on November 29, 2012 by Scott Wilson

OSS Watch have released a new briefing paper on using the Open Source Options guidance document from the UK Cabinet Office. The briefing provides additional guidance on making use of Open Source Options for procurement in the education sector. View it here:

Open Source Options: Making Use Of The Cabinet Office Guidance On Open Source Software

“Recipe for Rip-Offs”

Posted on August 2, 2011 by Rowan Wilson

Here in the UK the Public Administration Select Committee has been looking into the poor record government has in procuring IT systems. The title of their report “Government and IT- “A Recipe For Rip-Offs”: Time For A New Approach“ serves as a neat summary of the content. Stating the problem, the report says

The UK has been described as “a world leader in ineffective IT schemes for government“. There have been a number of high cost IT initiatives which have run late, under-performed or failed over the last 20 years including: the Child Support Agency’s IT system, the IT system that would have underpinned the National ID Card scheme, the Defence Information Infrastructure Programme, the implementation of the Single Payments Scheme by the Rural Payments Agency, and the National Offender Management System (C-Nomis).

The main problem, the report says, is that the Government does not have the internal skills to specify and procure IT systems. As a result they tend to rely on large external contractors to manage the process of developing IT systems (and to subcontract to smaller businesses where necessary) . Naturally this involves handing over very large amounts of both cash and power to the ‘head’ contractors, and it is this complete externalisation of the ‘IT customer’ function that the report points to as the key failing in previous large government IT procurements. The answer, therefore, is to get better IT management skills within departments and take on the management of the smaller subcontractors themselves.

This is not the only failing identified. It seems that Government also tends to ‘gold-plate’ (over-specify) security requirements even on systems that do not require it. The report also criticises the tendency to see IT projects as a distinct kind of problem rather than an exercise in change management like any other. Nevertheless, it is the ‘externalisation’ problem which looms largest in the report’s somewhat gloomy findings, and it is in this context that the issue of open source arises.

Early on the report identifies the creation of ‘a level playing field for open source software’ as one of the approaches to solving the problem of Government IT that had already been suggested. In the recommendations, we find that open source is mentioned in the context of providing an open data platform for Government-held data which could be developed upon by third parties to provide analysis and manipulation applications. While both of these suggestions are sound in themselves, I think it is in the core recommendation that we can see the best opportunity to realise value for the UK taxpayer from open source software and development.

While there are very large scale corporations offering open source solutions, the majority of bidders for Government IT contracts offer closed source solutions, often with the bidder themselves retaining ownership of the IPR in the resultant code and licensing it under very restrictive terms. If the current reforms succeed in getting departments to break down IT procurements into smaller interoperating sections and invite bids for these from smaller, more agile developers, the opportunity for existing successful open source projects to be the bases for Government IT solutions expands. Assuming that the newly-acquired IT experts within departments are able to meaningfully engage with the communities around these projects – both through their hired developers and as users themselves – then huge amounts of value in terms of code, user requirements and expertise which are currently locked into closed, non-functioning projects will be available for the good of the community at large. The projects themselves will learn how to interact with Government clients, and software components of general application will find their way back into the public space to benefit other large-scale users.

All of these benefits, though, depend both on an openness to the use of open source software but also on expertise in managing the relationship with that software’s community. So while I welcome heartily the proposal that Government acquire the IT skills to take a hands-on role in managing their IT procurements, I hope that those IT skills will include expertise in exploiting the unique benefits of joining an open source community.

UK Government Open Standards Survey

Posted on March 23, 2011 by stevelee

There’s no date on his introductory post, but Francis Maude, Minister for the Cabinet Office and Paymaster General, has provided an opportunity for us to state which open standards for IT we want the UK government to use. This takes the form of an on-line SurveyMonkey survey that is open until 20 May 2011.

Government must be better connected to the people it serves and partners who can work with it – especially small businesses, voluntary and community organisations. Government ICT must play a fundamental role in making life easier and I want to ensure that it does.

One of our first goals is to organise Government data and systems using an agreed set of standards that make our ICT more open, cheaper and better connected.

If you’re a business or community organisation, helping us choose the right standards will make it easier for you to do business with Government. It will also help us open up data, better informing your decisions, and hopefully prompting innovation.

There’s a lot of detail in the very long list of obtuse standard numbers, but fortunately a mechanism is provided to skip sections you aren’t interested in. Otherwise you can vote on each standard on a scale between mandatory and don’t use. Refreshingly for a survey, there are spaces for you to add your own thoughts (though you can’t add each on a new line as requested).

I spotted couple of typos and more seriously, the Microsoft originated ISO/IEC 29500 Office Open XML is incorrectly called ‘Open Office XML. This is bound to lead to confusion as the alternatively listed ISO/IEC 26300:2006 Open Document Format for Office Applications (OpenDocument) standard was originally implemented in OpenOffice (and is now implemented by LibreOffice).

Open standards play well with open source software developement and we encourage you to take the survey. However do bear in mind the government’s past record in implementing open technology policies. You might also want to look at Glyn Moody’s related post about the Government’s definition of open standards provided in the procurement policy note.

Use OSS Watch’s resources within your organisation

Posted on December 1, 2010 by Sander van der Waal

Open source software projects can form a perfect example of a level playing field in software development. This is especially true for projects that have a meritocratic governance model in place, which by definition recognises all contributions to the project equally regardless of the person or organisation contributing. This is one of the reasons why we believe open source software projects are the prime example of open innovation in software.

It is therefore of no surprise that a lot of the materials that we write at OSS Watch are not just applicable to the Higher Education and Further Education sector in the UK (which form our remit as defined by our main funding body JISC). On the contrary, many of our documents discuss issues related to open source that apply just as well to the public sector at large, or to the commercial sector for that matter. I will highlight a few of the most relevant documents here.

Suppose you are in an organisation that’s developing software either for itself or collaboratively with other departments or other organisations. If you are considering the longer term sustainability of your software you might want to consider releasing your code under an open source licence. To better understand what software development in open source projects actually entails, our document that deals with getting to grips with the open development method could be of interest.

In many cases it is more beneficial to join an existing project community rather than trying to create your own. Joining an existing project means that you can tap into an existing body of knowledge and benefit from the development efforts of other, potentially myriad, developers. To better understand the mechanisms of contributing to an open source project some of more technical documents, like the one that explains what a software patch is, could be helpful. In any case you will have to make sure that all the provisions are in place to be able to contribute your code to the project.

If you are sure there is no existing project where your code will fit, you could consider starting your own open source project. In that is the case, it is important to consider what the right governance model is for your project. Do you want to go with the benevolent dictator model, which leaves all decision to one person or governing body, or do you want to create a level playing field by choosing a meritocratic governance model? Another important aspect in open source projects is ensuring the Intellectual Property is properly managed, which means that you should consider putting a Contributor Licence Agreement in place.

A completely different use case that we come across often is considering open source in a procurement process. Also then many issues are the same irrespective of whether your an academic institution, some other organisation in the public sector, or a commercial company. Our document on decision factors for open source software procurement could be useful in these circumstances. To get a more detailed and substantial view on existing open source projects, we have developed the Software Sustainability Maturity Model that guides you through the most important issues you should consider as an end-user of open source software.

To summarise, there are many aspects of open source software where our resources may be of use. All OSS Watch documents are available under a Creative Commons Attribution-ShareAlike 2.0 England & Wales licence, so you are free to reuse our content as long as you mention where you got it from and make any derivative work available under a similar licence. These are the documents that were mentioned in this post:

Can open source reduce costs?

Posted on March 1, 2010 by Ross Gardler

It is often said that open source software will reduce costs.

Those with little or no experience of implementing computer systems assume these savings come from the fact the free and open source software does not carry a license fee. However, this is not usually the case.

Anyone who has rolled out an software solution, even in a small organisation, will tell you that there are hidden costs. These include training, support, customisation and maintenance.

In 2005 BECTA published “A study of the spectrum of use and related ICT infrastructure costs” which concluded that training and support costs accounted for 60% of total cost for any software solution. The report also found that open source software reduced these costs by 40-50%.

Further to reducing training and support costs, open source can reduce the cost of customisation for specific environments.

It is extremely rare for a back-office software solution to be a perfect fit for any specific organisation straight out of the box. Consequently, the software needs to be customised to suit specific needs. In a closed source environment there is a single provider, or a limited set of approved providers, who can make these modifications. However, in an open source environment anyone with the appropriate skills can make these modifications, including internal staff.

As a result of this competition, market forces can often result in a lower cost for a tailored product. Just how much can be saved here depends on the customisations you need to make.

Finally, the open source culture of code sharing results in lower development costs for the software in the first instance. That is, once one user has commissioned a specific feature or configuration option the results of that work is available to all. As a result, the more a product is used and developed within any given domain, the more widely the development costs are shared. In addition to a reduction of costs open development can significantly increase the rate of innovation as it brings together great minds to collaborate on shared solutions.

Where there is no pre-existing solution to match ones needs the open developent model can be an extremely cost effective way of reducing cost. This process is examined in more detail in our document “Meritocrats, cluebats and the open development method: an interview with Justin Erenkrantz.”

OSS Watch team blog

open source software advisory service

Category Archives: Procurement