Dear Mr. President: Buy open source

Analysis
Feb 19, 2009

An open source stimulus program would create jobs and build better software

Last week, a group of open source execs sent an open letter to the president, asking that he “make the use of open source software a key component of every new technology initiative the United States government enters into.”

Since then, a number of security companies have raised scary points about vulnerabilities in open source and (what a surprise) suggest that they could help out. Sure, that’s the kind of opportunism we generally ignore, but even so, the issue is worth discussing.


Open source is transparent

No one has a monopoly on good security practices or secure code, and that includes the open source community. But there is something really different about open source that the president’s advisers should consider. As open source consultant and writer Bernard Golden puts it: “There’s security through obscurity and security through transparency.”

What Golden means is this: When a company or a government buys proprietary software, there’s no sure way to know how secure it is. Certainly, major software companies have a track record that can be examined, and careful buyers should do just that. (Of course, that raises the question of why anybody would run Windows, but that’s another story.)

Buyers of proprietary software have to accept the assurances of the vendor because they can’t get their hands on the source code or have much, if any, visibility into the development process. That’s not the case with open source. Not only is the code visible, but there’s no reason why a huge customer like the federal government couldn’t get involved in the development process to be sure the software really is secure, suggests Golden.


Open source stimulus bill

I’d take Golden’s logic a step further. Why not allocate, say, $10 million, a rounding error in the just-passed stimulus bill, to fund the development of more secure software?

As the Republicans have told us over and over again for the last year, small business is the engine of job creation. They’re right. Obviously, companies like Ingres, which signed the letter, are no longer small, but much of the creative work in open source comes out of companies with fewer, often far fewer, than 100 employees.

Once the government expands its use and support of open source, venture money — which is drying up in the current recession — would again start flowing to those small companies, allowing them to hire or rehire some of the tens of thousands of unemployed IT workers.

Letter to Obama

As he campaigned for the White House and later for passage of the stimulus bill, the president talked about the need to modernize and digitize health records. There is, of course, no doubt that security has to be a top priority in that effort.

The signers of the letter argued that “open source software brings transparency to software development. There are no black boxes in open source software and therefore no need to guess what is going on behind the scenes. Ultimately, this means a better product for everyone because there is visibility at every level of the application, from the user interface to the data implementation. Furthermore, open source software provides for platform independence, which makes quick deployments that benefit our citizens much easier and realistic.”

The point about black boxes is key, as anyone who has followed the electronic voting machine debacle knows well. Because the states don’t really know how those machines work, they have been unable to get a handle on the security threat they pose — or don’t pose. Allowing that situation to develop in the health-care industry would be equally unacceptable.

Interestingly, the Department of Homeland Security has been giving the issue of open source some thought as well.

Seat belts and software

It’s worth remembering that the auto industry adamantly opposed even basic safety measures like seat belts until the government forced them to budge. And much of the groundbreaking research that made cars significantly safer came out of a program at Cornell University that was initially funded by government grants.

Software isn’t a seat belt, but the stakes are equally high. The signers of the letter to Obama had it right: Open source should be on the short list when the government buys software. And modest government investments in software security would have the secondary effect of putting IT workers back on the job.

I welcome your comments, tips, and suggestions. Reach me at bill.snyder@sbcglobal.net.