Tuesday, July 20, 2010

Managing Open Source Software

DoD CIO’s “Guidance Regarding Open Source Software (OSS)” of October 16, 2009 states that OSS meets the definition of commercial computer software and shall be given preference in software acquisitions.

Capers Jones, in “Quality and Productivity Comparison of Selected Software Development Methodologies” (Version 11) of 6/4/2010 shows a range in the costs of software. The development costs plus five years of use for 1,000 Function Points are as follows:
-        85% reuse of certified code = $54,032
-        Capability Maturity Model 1 method = $2,804,224

Reusing certified software from open sources is clearly the most advantageous way for DoD to write applications programs. 

What is needed is a programming model for open source code that insulates software components from the complexities of platform services, from application management, from transaction control, from security assurance and from data access procedures. In this way components can be configured and then “wired” together. The result is a code that is more portable, reusable, testable and maintainable.

The largest open source code library is SourceForge.net, although there are many other similar collections. Library documentation shows how to install downloaded code into applications at no cost.

SourceForge includes: Engineering (19,320 components); Formats and Protocols (5,185); Database (9,175); Security (5,070); Printing (756); Terminals (889); Business (13,200); System (24,737); Desktop Environment (4,918); Software Development (35,265); Communications (19,712); Multimedia (18,221); Text Editors (4,138) and Internet (31,620).

Each component would be tagged with its size (in megabytes), the number of weekly downloads, an index of quality (% of recommendations received) and the number of reviewers. A random sample showed a 32MB component with 759 weekly downloads and a 94% acceptance level by 19 reviewers.

DISA has extracted from the SourceForge the Forge.mil web. It has been modified to meet DOD security requirements with smart cards used to provide log-in credentials. There are only few open-source components hosted at Forge.mil so far. All of the code is open for public view, though only those with Defense Department credentials can edit or contribute. 

Meanwhile, the DoD issued a memorandum (10/16/09) mandating the use of Open Sources Software (OSS). * The memorandum states that:

1. OSS is defined. The definition is actionable.
2. OSS shall be used in classified and in unclassified environments.
3. Director, Enterprise Services is the lead on promoting OSS.
4. OSS meets the definition of “commercial computer software”.
5. OSS shall be given statutory preference in all acquisitions
6. PEOs required to conduct market research on OSS availability.
7. Market research for software must include OSS.

The Defense Department is committed to using open source software as a customer as well as a developer. Program Executive Officers (PEOs) will have to verify the integrity of open source components to preserve a continuation of peer reviews.  PEO will also have to see to it that expensive contractor originated code will be kept to a minimum.

* http://cio-nii.defense.gov/sites/oss/index.shtml

No comments:

Post a Comment

For comments please e-mail paul@strassmann.com