Open Source

Finalized OMB open-source policy takes industry concerns into account

Shutterstock image: software development.

Although it is still sifting through the details of the Office of Management and Budget's new open-source software policy, one industry group is comfortable with the final product.

"At first take, it does look like they tried to address our concerns," said Pam Walker, senior director for federal public-sector technology at the IT Alliance for Public Sector (ITAPS).

OMB released the long-anticipated guidelines for improving how agencies share federally developed software source code on Aug. 8. U.S. CIO Tony Scott said he and his team have been honing the policy for months using feedback from vendors and others gathered via the code-sharing site GitHub and other sources.

After a draft policy was issued earlier this year, OMB received 2,000 comments in a little over a month. Scott said officials reviewed the comments, "and as a result of your participation, the final policy has emerged much stronger."

In April, ITAPS had posted concerns about the draft policy on GitHub, saying it lacked specifics, such as definitions of custom-developed code and mixed software, and metrics for OMB's proposed open-source pilot program. In addition, ITAPS said some agencies leaned toward using brand names rather than addressing technological need.

Walker said the policy issued on Aug. 8 appears to address those concerns, but she added that ITAPS member companies are conducting a more detailed review.

For the duration of the pilot program, the policy calls for agencies to open a minimum of 20 percent of their custom code, and it requires them to release as much custom-developed code as possible. It also expressly calls for "technology-neutral" approaches.

In addition, the policy provides a three-step test agencies should follow when acquiring software to determine whether an existing federal or commercial solution could do the job before turning to new custom software.

Walker said OMB has been releasing IT policies at an increasing rate this summer. The agency issued a category management policy for mobile devices and services on Aug. 5 and a category management policy for software licensing in June. It issued similar guidelines for desktop and laptop computers in late 2015.

She added that the Obama administration is trying to cement its IT legacy before the coming election, and she expects the White House to release a policy on controlled unclassified information and another on integrating cybersecurity into acquisition.

"In the rush to get to the end, I hope they're not making mistakes," she said.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.