Open Source

Finalized OMB open-source policy takes industry concerns into account

Shutterstock image: software development.

Although it is still sifting through the details of the Office of Management and Budget's new open-source software policy, one industry group is comfortable with the final product.

"At first take, it does look like they tried to address our concerns," said Pam Walker, senior director for federal public-sector technology at the IT Alliance for Public Sector (ITAPS).

OMB released the long-anticipated guidelines for improving how agencies share federally developed software source code on Aug. 8. U.S. CIO Tony Scott said he and his team have been honing the policy for months using feedback from vendors and others gathered via the code-sharing site GitHub and other sources.

After a draft policy was issued earlier this year, OMB received 2,000 comments in a little over a month. Scott said officials reviewed the comments, "and as a result of your participation, the final policy has emerged much stronger."

In April, ITAPS had posted concerns about the draft policy on GitHub, saying it lacked specifics, such as definitions of custom-developed code and mixed software, and metrics for OMB's proposed open-source pilot program. In addition, ITAPS said some agencies leaned toward using brand names rather than addressing technological need.

Walker said the policy issued on Aug. 8 appears to address those concerns, but she added that ITAPS member companies are conducting a more detailed review.

For the duration of the pilot program, the policy calls for agencies to open a minimum of 20 percent of their custom code, and it requires them to release as much custom-developed code as possible. It also expressly calls for "technology-neutral" approaches.

In addition, the policy provides a three-step test agencies should follow when acquiring software to determine whether an existing federal or commercial solution could do the job before turning to new custom software.

Walker said OMB has been releasing IT policies at an increasing rate this summer. The agency issued a category management policy for mobile devices and services on Aug. 5 and a category management policy for software licensing in June. It issued similar guidelines for desktop and laptop computers in late 2015.

She added that the Obama administration is trying to cement its IT legacy before the coming election, and she expects the White House to release a policy on controlled unclassified information and another on integrating cybersecurity into acquisition.

"In the rush to get to the end, I hope they're not making mistakes," she said.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected