The Conservative party was misguided in criticising the UK government for not implementing open source technology, according to an IT security firm.
"The Conservatives have accused the government of failing to capitalise on open source software, despite reports from government agencies that have recommended its usage," said Richard Kirk, Fortify's VP and GM of Europe.
Last week, the Tories claimed government departments had bypassed the software, despite reports that had recommended its use.
"The UK government is falling far behind," said the statement from the office of the shadow chancellor, George Osborne. "Too much taxpayers' money is being wasted as a result of flawed procurement, risk-averse bureaucracy and a lack of incentives for cutting costs."
But Kirk said Fortify's own research has shown that OSS exposes users to "significant and unnecessary business risk". This is because security is often "overlooked" in open source development, according to Kirk, which leaves users more exposed to security breaches.
"That's not to say that commercial software isn't without risks, but any flaws on commercial applications tend to get patched a lot faster than on open source, as the vendors producing the software have a lot more to lose than an open source programmer," he said.
The cost argument is also flawed, according to Kirk. While open source has lower direct purchasing costs, there are "indirect and less tangible costs" that can "often outweigh the direct cost savings". These indirect costs arise from end-users being forced to test and patch for security bugs themselves, according to Fortify's research, which criticises the open source development process, claiming that "little has been done within the OSS community to implement enterprise-worthy application security measures".
"The cost of ruggedising software and generally ensuring that no faux pas will be experienced in the organisation adopting the open source code can end up costing firms a lot more in the longer term. And that's before you factor in the risk associated with using software that is potentially flawed," said Kirk.
The Conservatives released recommendations drawn up by Mark Thompson, a lecturer in information systems at Cambridge University's Judge Business School.
In the paper prepared for the Conservatives, Thompson identified seven ways in which UK government can benefit from an open IT procurement process, supported by open standards and open source models. One of these recommendations is a £100 million spending cap on government IT contracts, combined with opening up procurement to small firms using open source software.
"With the exception of infrastructure projects, we recommend that: No government IT contract should last for more than 24 months; and no single government IT contract should have a value of over £100 million," Thompson told Computerworld UK.
Thompson's report argues that savings would come from reduced licensing costs, but also from freeing government bodies from "long-term, monopoly supply situations".
Other key recommendations include revising OGC Gateway processes to make it harder to select proprietary architecture by default, establishing a "commercially-empowered" Government CIO supported by a well-funded, proactive centre of excellence, and creating an XML open gateway for data standards across major government IT systems.