Re: CRIME better computing for oregon using open source

From: Crispin Cowan (crispin@private)
Date: Tue Sep 24 2002 - 14:36:40 PDT


    Shaun Savage wrote:
    
    > This is a continuance of the "Computer vulnerable at Oregon" thread!
    >
    > The question here is will cost be reduced and security improved using 
    > Open Source.
    
    Sorry, while I'm sympathetic to the ideals represented here, I do not 
    agree that they are entirely axiomatic.
    
    > A few basic axioms of this debate are:
    > 1> "monopolies increase cost by reducing competition"
    
    Yes.
    
    >     1A+ "competition increases software quality"
    
    Does not follow. A vendor that has a monopoly on a narrow niche may be 
    able to devote sufficient resources to supporting a complex application, 
    whereas two competing vendors trying to live in the same niche may find 
    themselves with insufficient revenue to properly support their applications.
    
    >     1A- "shorter development time reduces software quality"
    
    Does not follow. Good design can lead to shorter development and better 
    software quality. And this does not appear to have anything to do with 
    monopolies.
    
    > 2> "proper software development increases software quality"
    
    Er, yes, but "proper" is so ill-defined that this statement is a tautology.
    
    > 3> "people are more important than business"
    
    This is not true when you are trying to conduct business, to wit:
    
        * Vendor: you should use my product.
        * Consumer: no, theirs is cheaper & more cost-effective.
        * Vendor: but that hurts my feelings.
        * Consumer: lump it.
    
    "Business vs. people" is a misleading concept. "Business" is just an 
    abstraction for how people can interact, in contrast to some other 
    models such as "cooperation", "fighting", and "indifference." Business 
    has stood the test of time as a pretty darned effective way for people 
    to interact. When someone argues a position on the basis of "people are 
    more important than business", they are more than likely BS'ing an 
    indefensible proposition that you should do something that contravenes 
    the rules of business conduct for some reason that lends particular 
    advantage to some particular people, without letting on to who gets the 
    advantage.
    
    Open source development models are an interesting new model that is not 
    well-understood (in economic terms) but people are working on it. For a 
    great deal more on this topic, go look at the FSB (Free Software 
    Business) mailing list, where people who actually run free software 
    businesses chat with people with job titles like "professor of 
    economics."  http://www.crynwr.com/fsb/
    
    > The topics I want to discuss are
    > What procedures are needed to improve software quality for the state?
    
    My position on this:
    
        * The State should mandate that when *custom* software is procured
          by the state that the source code be delivered to the state under
          an open source license, so that the State is not placed in a
          monopoly lock position of having only one vendor to supply
          support for that system.
        * The State should *consider* open source solutions when procuring
          commodity systems, but should not be required to choose open
          source for any particular application. This is because open source
          is *sometimes* the best solution (e.g. Apache is the most
          cost-effective web server) and sometimes not (AbiWord and Star
          Office are simply not viable competition for MS Office. Yet :)
    
    
    > How the bidding for software can be done to improve quality and security?
    
    Dunnow. Some of the things I've heard here about how the State procures 
    consulting services in general, and software in particular, are pretty 
    depressing.
    
    > One idea is to have development and maintenance be two separate 
    > contracts.  But this would also require a formal acceptance testing 
    > procedure.
    
    Just mandating open source licensing of custom procured software 
    obviates that complexity. If the State has open source rights to the 
    code, then they can hack any contract they want for support.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 15:13:04 PDT