BOSTON -- Open source software has gained support in the public sector due to a maturation of products and increased understanding by the government, said Shaun Walker, co-founder and chief technology officer at open source content management vendor DotNetNuke, during a recent conversation with FierceGovernmentIT.

In the past, security has been cited as the Achilles' Heel of open source, a contention Walker rejects with the argument that a community of developers with access to source code can more easily ferret out vulnerabilities and patch them quicker than is possible with proprietary code. 

However, some open source projects are more lackadaisical then others, said Walker.

"I think there were some PHP-based systems which started to get usage five or six years ago, and unfortunately, they suffered common SQL injection problems, which hackers identified and targeted on a mass scale. That created a lot of fear in the government sector around open source software, but it probably wasn't warranted in all cases," said Walker.

"There were a few projects which weren't managed very well and that sort of tainted everybody else. I think in the five or six years since, there's been a much greater focus on security and managing vulnerabilities, and I think there's less hesitation on the part of government now to consider open source solutions."

Another change in the open source landscape: Providers are acting more and more like their commercial competition because they want to provide a greater level of confidence in their products, said Walker. His company was initially based on a free, "community" model, but the public sector actually trusts software involving a paid transaction more than free software. "Now that we have a commercial product available with unlimited support, it really opened up the doors for government usage."

Open source software licensing agreements can vary greatly. During a Dec. 2 session at content management conference Gilbane 2010, in Boston, Walker outlined the most common open source licensing models and terminology.

There are many licenses which are approved by the open source initiative, but the most predominant are:

• General Public License, which is the most common license, and is also referred to as a "copy left" license. The license helps ensure that intellectual property will always be available in the public domain. It ensures that open source remains open source, said Walker. Any derived work, based on the initial intellectual property, must be distributed (if the creator of the derivative work choses to distribute it) under the same license terms, meaning GPL software cannot be altered into a proprietary extension.
• Permissive Open Source Licenses (BSD, MIT, MPL and Apache), (as the name suggests) have very few restrictions. The only real restriction for many projects under these licenses is that the copyright of the original creator of the intellectual property must be retained within the source code. If the original copyright is retained, it can be resold, distributed or modified.
• Dual Licensing and Open Core: Essentially these aren't licensing models, they're business models. Dual Licensing is when an original copyright holder of intellectual property licenses the exact same software under a commercial license and an open source license. The commercial license may have added benefits, such as support, while the open source license could be completely free--this model was pioneered by Red Hat, said Walker. Under an Open Core license, a central piece of software is licensed under open source license, but a vendor can build proprietary extensions, which are licensed under a commercial license and then bundled as a complete package. The open source core-commercial extension bundle is released for sale under a commercial license.

For more:
- see the Open Source Initiative's information page on licensing
- see Shaun Walker's presentation (.ppt) from Gilbane 2010

Related Articles:
VA investigates VistA EHR open source
Q&A: Gunnar Hellekson on open source adoption in government 
Why WhiteHouse.gov chose Drupal 
DISA promotes open source