SLEASE ESSAY

Open vs Closed
Investigation into the benefits and
detriments of openness of software for
public sector organisations
Murray Wilson
The question whether open or closed software is better has been a long fought
The
battle. question
There whether
are many open or
different closed
people and software
sectorsisthat
better
usehas been aand
software long
whose’
needs are totally
fought battle.different.
There are The public
many sectorpeople
different holds vast
and quantities of use
sectors that sensitive
datasoftware
that needsanda whose’
high level of protection
needs are totallyand security.
different. TheSopublic
the question stands is
sector holds
OSS vast
the right thing for these organizations or should they remain with closed
quantities of sensitive data that needs a high level of protection
source software. There’re many benefits for both open and closed as well as
and security.
detriments. Security So for
theclosed
question standsisisfairly
software OSS tight
the right
and thing
has afor these
professional
organizations
development teamor should to
working they
findremain
bugs but withfights
closed source
against a software.
huge community
There’re
trying to breakmany
theirbenefits
software, forwhereas
both open on and closedhand
the other as well
OSSashas
detriments.
the same
amount of people
Security tryingsoftware
for closed to find bugs to break
is fairly the software
tight and but has a huge
has a professional
backing of people team
development looking for bugs
working to to
findfix. Other
bugs butproblems that the
fights against public sector
a huge
face community
is cost and the
trying to break their software, whereas on the othervery
correct use of the tax payers money and OSS is handcheap
compared to closed, however the reliability issue still stands and with closed
OSS has the same amount of people trying to find bugs to break the
software you are paying for a fixed level of quality.
software but has a huge backing of people looking for bugs to fix. Other
problems that the public sector face is cost and the correct use of the
tax payers money and OSS is very cheap compared to closed, however
the reliability issue still stands and with closed software you are paying
for a fixed level of quality.

Introduction

Open source software (OSS) is software that’s source code and other rights normally reserved

for the copyright holder meets the Open Source Definition of is in the public domain. This

means that anyone can use, change, modify and redistribute it in its modified or un-modified

form. [1]

This essay is going to investigate the benefits and detriments of OSS if used by public

sector organisations. These organisations include government, local government, public

healthcare organisations etc.

Information in these sectors can be, and is usually, confidential and sensitive. Such

information held can include the public’s health records, financial records, bank information,

religious and ethnic information among others. As a result the software that these

organisations use has to be secure and well protected. This report will also look into whether

OSS can provide a suitable level of protect based on these facts.

 The simplest way to discuss the pros and cons of open and closed software is to look

at what makes up both of these types of software and relate them to public sector

organisations. For this reason when evaluating the benefits and detriments of OSS the Open

Source Definition will be used (details of the Open Source Definition will follow in the next

section).

Introduction into Open Source Software

In order to determine whether a piece of software can be considered as open source, an

organisation call the Open Source Initiative (OSI) has compiled a list of ten criteria which the

piece of software must comply with. This list is called the Open Source Definition (OSD). [2]

The list of criteria is as follows;

• Free distribution

• Must include source code

• Derived works

• Integrity of the authors source code

• No discrimination against persons of groups

• No discrimination against fields of endeavour

• Distribution of licence

• Licence must not be specific to a product

• Licence must not restrict other software

• Licence must be technology-neutral

However it is a common myth that open source software is automatically freeware. OSS

can be sold on like normal but once a person has bought it they are free to do whatever they

wish with that software, including copying it and selling it on themselves. This is covered in

the GNU GPL (General Public Licence). [3]

 However most OSS is free to download making it quite popular with the general

public, or those who know about such software. Some businesses however remain rather

dubious about OSS as they may find it to be either damaging the market of commercial

software or dubious about the direction the software produces and their future, as the

software has no proper financial backing. These software developers do however tend to offer

training courses for their software which companies can send their staff to for a fee. This is

where OSS developers generally make their money.

Benefits and detriments of open source software

There are many things that organisations within the public sector look for when choosing

software. Is it reliable? Does it have ample security measures? What does it cost? Are the

software developers reliable? These organisations would normally look to proprietary

software as it is generally made by businesses that have substantial financial backing to

update and maintain the software packages.

However in February 2009 the British government published a policy that aimed at

promoting OSS in the public sector. [4] A ten point action plan was drafted to show the areas

that the government were going to concentrate on, which included “It will also work with

systems integrators and software suppliers to open up their solutions to meet open standards,

to include open source and facilitate re-use”, “The CIO Council will regularly assess open

source products for their maturity and recommend those that meet agreed criteria.” and

“Government purchasers will use a standard OGC approved OJEU clause to make clear that

solutions are purchased on the basis that they may be re-used elsewhere in the public sector.”.

The main reason for this move was to save the taxpayer’s money.

This is one of the top benefits of OSS. The software itself is usually free to download

and use, which is a very important factor. Budgeting for public sector organisations can be
very tight and extremely large sums of money can be spent on purchasing licensed software.

This also means that multiple copies of a program and be distributed to many departments

around such organisations. The public can also see the software that their services are

utilising which can inspire more trust within the community, which is a positive boon for any

public organisation.

One of the main problems for organisations in the public sector is keeping any

information they hold secure. These organisations hold very sensitive personal information

such as bank details and health records; things that the public would not like to go missing or

fall into the hands of the wrong people. As such security is one of the top priorities for such

organisations when choosing software.

Among the list of criteria in the OSD is that the source code of the software must be

publically available and free for modification. This can be related to security and can be both

a positive and a negative. Software that is new will have comparatively the same number of

bug to another new piece of software, be it open or closed source. A piece of software that is

bought and that isn’t open source will have a small development team looking for bugs

compared to the masses of online users that will be looking for ways into the software and

find bugs that they can take advantage of and use maliciously, such is the nature of the online

world. In the case of open source although there would be the same number of people looking

for bugs to take advantage of, there is a much larger group of people looking for bugs and

reporting them and developing fixes. This whole area has been labelled as “No security

through obscurity” or “Security through transparency”. [5]

Of course the negative to this is that the group of people who are out looking for bugs

in OSS who will develop fixes are in essence volunteers so the their efforts could be seen as

lax compared to the efforts that software engineers of large software companies would
generally put in. Of course this may not be true but it is something that public sector

organisations will pay close attention to.

One other area that will be of great importance to public sector organisations is the

reliability of both the software and its distributor. Software that is developed by software

firms, such as Oracle or Microsoft, will have regular updates and the companies have to keep

their software maintained in order to remain in the market. This is a great benefit of

proprietary software as well as the financial backing that such companies have to constantly

update their software to a high standard. The drawback is that such companies (even big ones

like Microsoft) will have a small number of people producing such updates.

OSS on the other hand has a totally different benefit. It has a vast number of people

producing updates and modifications to the software so problems can be found faster and so

therefore updates can, and generally do, happen at a more constant rate. However the

drawback to this is that the people producing such updates are, as previously described,

volunteers and so the quality of updates can be questionable.

Conclusion

This report has investigated the pros and cons of the use of OSS within organisations of the

public sector, such as government, local government, health services, educations etc. Such

benefits include its cheapness to procure, which is a major factor in the choosing of software

for such organisations, the reliability of the software and its developers and the security

aspects of the software. However drawbacks have also been discovered such as the lack of

financial backing of the producers of OSS and the image that OSS is developed by common

people and not businesses looking to produce quality software for the market place.

The pros and cons of closed or proprietary software has also been looked into and the

concept of “security through transparency” or “no security through obscurity” has been
investigated. It has been show that although companies developing software for the market

that don’t share their code has a safe guard against people with malicious intent, they are still

a very small team looking for bugs fighting against a very large community. This is the

opposite in the case of OSS as the two communities (those looking for bugs to make fixes

and those looking for bugs to take advantage of them) are of a fairly similar size and so bugs

can be found and taken care of at a quicker pace.

A brief look into what OSS is has also been included, with information of the Open

Source Initiative (OSI) and the Open Source Definition (OSD). The OSD is the list of criteria

that software needs to comply too in order to be classified as open source. The difference

between OSS and freeware has also been briefly described.

What I have learnt

I have learnt a great deal about open source software during the course of this report. I have

always been one for using software that has been developed by well established firms as I

like the peace of mind that there is always support for the software I am using and don’t mind

having to spend money for this privilege. As research for this report progressed I was

surprised to discover that the laws involved with OSS are well established and that their

growing reliability has resulted in a gain in popularity.

I have also been one for not fully, if at all, trusting the general public and a piece of

software developed by them and updated by them is not something I would generally bring

myself to own. Yet again I was to find that even the government was starting to see OSS as

an alternative or addition to the software that they used.

In my ignorance I always thought that open source meant free. I was surprised to

discover that open source meant nothing of the sort and that such software could be sold and

the level of law that was established for this. The GNU GPL and the OSD are very well
documented and structured pieces of legislation, and I never knew anything of the sort was

about for OSS.

References

[1] http://www.opensource.org/ Introduction to OSS (checked 01 Dec 2009)

[2] http://www.opensource.org/docs/definition.php Open Source Definition (checked 01 Dec

2009)

[3] http://www.gnu.org/licenses/gpl.html General Public Licence (checked 01 Dec 2009)

[4] http://www.theregister.co.uk/2009/02/25/gov_open_source/ News article (checked 01 Dec

2009)

[5] John P. Loughlin, Security Through Transparency: An Open Source Approach to Physical

Security, Journal of Physical Security 3(1), 1‐5 (2009) found on

http://jps.anl.gov/Volume3/Paper1_Loughlin.pdf (checked on 01 Dec 2009)