CASE
The U.S. Defense Department is enlisting an open source approach to software development, which is an about-face for such a historically top-down organization. The Department of Defense (DoD) says open-source software is equal to commercial software in almost all cases and by law should be considered by the agency when making technology purchase decisions. In terms of guidance, the DoD says open-source software (OSS) meets the definition of "commercial computer software" and thus executive agencies are required to include open source when evaluating software that meets their computing needs. OSS is defined as "software for which the human-readable source code is available for use, study, reuse, modification, enhancement, and redistribution by the users of that software." In addition, it lays out a list of open-source positives, including broad peer-review that helps eliminate defects, modification rights that help speed changes when needed, a reduction in the reliance on proprietary vendors, a licensing model that facilitates quick provisioning, cost reduction in some cases, reduction in maintenance and ownership costs, and favorable characteristics for rapid prototyping and experimentation. "The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team," states deputy CIO David Wennergren in a memo to top military officials. "I would consider this a milestone day," says John Scott, director of open-source software and open integration for Mercury Federal Systems, a technology consultancy to the U.S. government. Scott helped draft some of the open source guidance contained in the memo, which took about 18 months to draft.
"The 2003 policy study was OK to use, but this one goes a bit further in expanding on what open source is and why you would want to use it. But it is not just about usage, it is also about helping create OSS by submitting changes back out to the public." Scott says he believes this is the first time guidance has been issued about sharing the government's own open source changes with the public. Taken together, two developments show how the Defense Department is trying to take advantage of Web-based communities to speed up software development and reduce its costs. Dave Mihelcic, CTO of the Defense Information Systems Agency, says the military believes in the core Web 2.0 philosophy of the power of collaboration. The military has launched a collaborative platform called Forge.mil for its developers to share software, systems components, and network services. The agency also signed an agreement with the Open Source Software Institute (OSSI) to allow 50 internally developed workforce management applications to be licensed to other government agencies, universities, and companies. "The Web is a platform for harvesting collective intelligence," Mihelcic says. He points to "remix able data sources, services in perpetual beta and lightweight programming models" as some of the aspects of open-source software development that are applicable to the Defense Department. One example of the Defense Department's new community-based approach to software development is Forge.mil, which was made generally available for unclassified use within the department in April 2009. Forge.mil is powered by Collab Net Team Forge, a commercial lifecycle management platform for distributed software development teams, and is modeled after the popular SourceForge.net.
The Defense Information Systems Agency (DISA) has issued version two of Software Forge (software that runs on the Forge.mil site to enable sharing and collaborative development of open-source software) after a three-month trial that grew to 1,300 users. Software Forge provides software version control, bug tracking, requirements management, and release packaging for software developers, along with collaboration tools such as wikis, discussion forums, and document repositories, DISA says. DISA also says it will deploy a cloud computing-based version of the Software Forge tools for classified environments. DISA also plans to add software testing and certification services to Forge.mil. Mihelcic says Forge.mil is similar to the "Web 2.0 paradigm of putting services on the Web and making them accessible to a large number of users to increase the adoption of capabilities. We're using the same collaboration approach to speed the development of DOD systems." Meanwhile, DISA has licensed its Corporate Management Information System (CMIS) to the OSSI to develop an open-source version of the 50-odd applications that DISA uses to manage its workforce. The CMIS applications support human resources, training, payroll, and other personnel management functions that meet federal regulations. DISA, which provides IT services to the Department of Defense, made the decision to share its applications after other agencies expressed interest in them, says Richard Nelson, chief of personnel systems support at DISA's manpower, personnel, and security directorate. "Federal agencies discovered that the applications we have could be of benefit more widely," he says. Interest is coming from states and counties, as well.
DISA worked with the nonprofit OSSI, which promotes the use of open source in government and academia. OSSI copyrighted the software stack and licensed it back to DISA, making it available at no cost to government agencies under the Open Software License 3.0. "It's already paid for because the taxpayer paid for us to build it," Nelson says. OSSI wanted to create a process that could be repeated with other government-built applications. "The opportunity was more than the product," executive director John Weather by says. "One of the key things was to set up a system, a process that can be replicated by other government agencies." CMIS comprises more than 50 Web applications, including workforce management, automated workflow, learning management, balanced scorecard, and telework management. CMIS has 16,000 users, including DISA employees and military contractors. Originally written in 1997, CMIS was revamped in January 2006 using the latest Web-based tools, including an Adobe Cold Fusion front-end and a Microsoft SQL Server 2005 back-end. Nelson says CMIS is easy to use because it takes advantage of modern Web-based interfaces, including drop-down lists for data input. "We've been able to cut down on help desk support so substantially," Nelson says. "With the old version, we were running anywhere from 75 to 100 help desk calls and e-mails a day. Now our average is less than five e-mails and calls.
It's not because people are using it less but because it has fewer problems." Nelson says a key driver for CMIS is that it needs to be so intuitive that users don't need training. "If the customer requires instruction on the product, we have failed and we will do it over," Nelson says. "The reason that we're able to do that so successfully is that we take a somewhat different approach to the way most software is designed. Most software is designed so that business logic and processes need to follow software logic and process. Therefore it requires substantial training. We do it exactly opposite." The OSSI will make CMIS available in two different licenses: a regular open-source license for government agencies and companies, and a free license for academia. Nelson says CMIS has a cutting-edge approach to learning management, handling everything from training course sign-up to approvals and payment. Another unusual feature of CMIS is its telework management application. Nelson says he hopes many organizations will license CMIS and start adding new capabilities so DISA can take advantage of a vibrant CMIS community of developers. Within three years, "I would hope that a number of others inside government and beyond are using it," Nelson says. "I'm hoping we all have ready access to qualified developers. I'm hoping that DISA gets access to a substantial number of additional applications . . . without having to build them ourselves." Going forward, DISA wants to encourage use of and training in Adobe Cold Fusion, which it used to build OSCMIS, to increase the talent pool of OSCMIS developers. "We would even like to start with kids in high school to get them interested in software development as a career," Nelson says."
CASE STUDY QUESTIONS
1. Given the critical nature of defense activities, security in this environment is a primary concern. How do the agencies discussed in the case address this issue? Can you think of anything else they could be doing? Provide some recommendations.
2. The U.S. Department of Defense is arguably one of the largest organizations in the world. Managing technology for such an organization is certainly a major endeavor. Does the shift toward open-source initiatives help in this regard? Does it hurt? Discuss the advantages and disadvantages of adopting open-source applications in large organizations.
3. After reading the case, do you think the shift to open source software involved a major cultural change for the Department of Defense? Would you expect the same to be the case for large companies? Justify your answer.