RE: CRIME Issues

From: Andrew Plato (aplato@private)
Date: Wed Sep 04 2002 - 14:52:17 PDT


    > A large part of how this problem comes about is the procurement
    > process, which ultimately results in a large, proprietary,
    > unmaintainable system. The State then hobbles along with it until it
    > collapses of its own weight, and then the State procures a newer
    > system, with the same problems.
    
    That's a good summation, but what you're not considering is the fundamental flaw in all government procurement. Most government procurement is based on the least-expensive solution that meets vague requirements. Hence you have entire businesses that are built on generating and providing half-assed solutions to government organizations at cut-rate prices. There is ZERO incentive for these government churn shops to provide support, management, maintenance, etc., since most RFPs are based on winning the initial deal - management, support, etc. are another RFP (and a whole new set of companies feeding off that business).
    
    This whole process supports an industry of leeches who are masters at selling BS to governments. They know exactly how to maneuver through the government agencies, kiss the right butts, and get the contracts, thanks to lowballing their quotes with lame solutions. Skilled, talented folks get pushed right out the door because - well - skill and talent tend to cost more. Talented people aren't willing to work for $4.00 an hour. Morons are. Morons also don't need to worry about reputation since they can just sucker the next agency out of some money and move along.
    
    > If the State made it a procurement *requirement* that all such systems
    > being paid for by the State be delivered with an open source license
    > (OSD compliant http://www.opensource.org/docs/definition_plain.php )
    > then the State has a great deal more flexibility in maintaining the
    > system in the future. In particular, it frees the State to:
    > 
    >     * hire additional developers to work on the project outside the
    >       primary contractor
    >     * hire maintenance staff from any source
    >     * fire the primary contractor and replace the development staff
    >       without having to flush 100% of the software developed so far
    >     * engage in open source security and quality reviews of the software
    >       without having to apply NDAs to the reviewers
    > 
    > This is not my idea; it is being widely discussed. It has been proposed
    > for the state of California, the Federal government of Peru, and
    > actually implemented for the federal government of Venezuela.
    
    You make a compelling argument, Crispin. And in many ways, government would be well served by open-source technologies. And it would make more sense. The money they save could be used to hire talented people with expertise in these technologies. 
    
    However, it does open up a truckload of questions. I mean, as it stands, the low-price bidder gets the job these days. How on earth would governments choose open-source products? The politicking and backstabbing just to get governments to agree they actually NEED security is hard enough. Then to unleash a myriad of products on them, all with varying levels of obsession from a wide array of lunatics. There is a reason they call them Holy Wars.
    
    Honestly, I think governments need good advice and guidance. They need industry experts to help guide them into solid and efficient evaluation and decision-making processes. And the RFP process needs to consider much more than merely price. The adage "you get what you pay for" has real meaning. If you pay nothing for something, you're getting a product that is going to be lacking in many ways. Likewise, paying big money for extravagant solutions isn't any better. There has to be some compromise between inexpensive and quality. Open-source can fill some of those needs. But I am not sure it can fill ALL needs.
    
    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
    



    This archive was generated by hypermail 2b30 : Wed Sep 04 2002 - 15:23:47 PDT