VA sees problems in open-source development for VistA

Potential hurdles eyed in licensing, certification and governance

The Veterans Affairs Department sees advantages in using open-source software to modernize its Veterans Health Information Systems and Technology Architecture (VistA) system, but it anticipates several problems if it takes that step.

The VA issued a request for information Aug. 11 asking for industry to deal with anticipated concerns related to open-source development for VistA.

The request follows a recommendation from an Industry Advisory Council working group in May 2010 that the VA create an open-source development program to update VistA. VA Chief Information Officer Roger Baker has invited the group to submit advice on modernizing VistA.


Related story:

VA moves closer to IT modernization decision


The VA is seriously considering an open-source development program, but it has reservations about configuration management, copyrights and licensing, governance structure and certification and validation of any open-source code developed in the process, the RFI stated.

“The VA is considering an ‘open-source’ model for VistA that would enable VA to benefit from innovations that third parties could make available according to a code-sharing framework,” the RFI stated. The RFI lists three advantages of open source: the possibility of greater innovation and integration of new capabilities; likely improvements in capabilities, quality, reliability, and robustness; and broader proliferation of common electronic health record software and solutions.

Meanwhile, open-source development also presents problems, the RFI stated.

Although the collaboration in the open-source community brings options, it also requires an appreciation for the necessity of effective configuration management; the sensitivities regarding intellectual property such as copyrights and licensing, the necessary governance around dynamic development collaborations essential to code and "kernel" stability and robustness for the long term, and the absolute necessity for certification, validation and review of code before release, according to the RFI.

The RFI asks vendors to respond to a series of questions about a potential open-source system for VistA modernization. The questions included:

  • What role should VA assume in an Open Source VistA Ecosystem, as user, developer, maintainer, certifier, operator, and/or distributor?
  • What role should non-VA sponsored developers assume in an Open Source VistA Ecosystem?
  • What specific functions of VistA Open Source should the VA be prepared to fund?
  • How would the VA go about participating and collaborating in the open-source community?
  • How would the VA implement software components available through open-source or licensed software channels into the mainline of VistA?

Vendors were invited to respond by Aug. 25 and to submit white papers and additional questions.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The 2014 Federal 100

Get to know the 100 women and men honored this year for going above and beyond in federal IT.

Reader comments

Thu, Aug 19, 2010 AC

Open source software is probably the best choice for governments and large corporations to use for infrastructural software for at least one reason: you have full access to the complete source code and the toolchain required to maintain and upgrade it. With closed source, proprietary, software, you're merely setting yourself up for a future disaster: software companies come and go, and there is no way to predict if a particular company will still be in business at any given point in the future. If your agency, of firm, uses proprietary software for a critical part of your mission, you risk being incapable of performing that mission when the software is obsolete or the company behind the software ceases to exist. Open source software is a prudent choice for agencies, or companies, which require software with service longevity and must have the capability to maintain and upgrade their own systems as need dictates.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above