Creating a 'level playing field' for open source software

options in IT selection and procurement

http://oss-watch.ac.uk@osswatch

1. Strategy

What Are We Talking About?

Free Software

"Free as In Freedom"0) The freedom to run the program, for any

purpose 1) The freedom to study how the program

works, and adapt it to your needs2) The freedom to redistribute copies so

you can help your neighbour 3) The freedom to improve the program,

and release your improvements to the public, so that the whole community benefits

Open Source

• Freely Redistributable • Source Code Included • Derived Works Permitted • Integrity of Author Source

Code • No Discrimination Against

Persons or Groups • No Discrimination Against

Fields of Endeavor

• Distribution of License • License Must Not Be

Specific to a Product (or distribution)

• License Must Not Restrict Other Software

• License Must Be Technology-Neutral (no 'click wrap')

Open Development● Free/Open Source Software (FOSS) just

refers to the licence● Open Development refers to projects

which are developed with engagement and contribution from communities, which promotes sustainability.

● Not all FOSS software is produced by Open Development, e.g. Android, MySQL

Why does this matter?

Sustained Value● Total Cost of Ownership (TCO) is often

(although not necessarily) lower for FOSS solutions

● No license fees to pay when purchasing/upgrading

● Open market for service providers● Option to provision some or all of the solution

yourself

Sustained Value● Sustainability

● Risk Management● What if the company disappears?● What if the software is bought and killed off?● What is the exit strategy?● Transparency of open development makes

judging "health" of a project easier

Meeting User Needs● No restrictions on your use of the

software● Design your own trials and pilots● Make changes (or have them made)● Share the costs of niche requirements

with others in the community● Access to the "best of breed" solutions

Case Studies

Department for Culture, Media and Sport● Replaced proprietary intranet platform with

open source Wordpress● Procured development services from and

SME through G-Cloud● Developed the new system through an

iterative process● Solution realised for £15k, with ongoing

monthly costs in the hundreds, a 90% saving

NHS● Developing Spine2 communications

infrastructure using Riak database in place of current Oracle solution

● Riak chosen "to deliver a more flexible and resilient solution"

● No major proprietary solutions in Riak's field● Riak developed by Basho, Spine2 being

developed by BJSS, engaged through G-Cloud

Case Studies

City of Munich● Migrated all municipal systems from Microsoft

software to FOSS● Switch instigated by end-of-life of existing

products, and the prospect of further lock-in in the future

● Migrating office documents and apps costs €200k more than if they'd upgraded to newer MS Windows

● However, €6.8m saved on licensing costs● Total savings exceeded €10m, although "Our main

goal was to become independent"

Case Studies

French Profile● Gendarmerie Nationale switched 37,000

Windows Desktops to Ubuntu Linux, with double that due to by migrated by summer 2014.

● Lowered TCO by 40%, 2m per year● "Using Ubuntu Linux massively reduces

the number of local technical interventions" – ongoing savings made on support costs

Case Studies

2. Policy

Agnostic● Don't mention "open source"● Has its merits, avoids creating "Fear,

Uncertainty and Doubt"● "Open source software, while it can be useful in many

instances and appear to be cost effective, may present a security risk because open source developers don’t typically follow security best practices when developing their software." - IRS Memorandum on use of FOSS

● Relies on already-instilled culture to be effective

Agnostic● Don't mention "open source"● Has its merits, avoids creating "Fear,

Uncertainty and Doubt"

● Relies on already-instilled culture to be effective

● "Open source Software, while it can be useful in many instances and appear to be cost effective, may present a security risk because open source developers don’t typically follow security best practices when developing their software."

Equal consideration● Require that both open source and proprietary

solutions are considered on a level playing field● "The Government will actively and fairly

consider open source solutions alongside proprietary ones in making procurement decisions" - UK Cabinet Office Open Source Policy

● Encourages an awareness of open source options

● Need to put in place a process for ensuring that solutions can be considered equally

● Need to monitor the procurement process to ensure that such a policy is followed

Preferential● Explicitly prefer open source solutions● "Where there is no significant overall cost

difference between open and non-open source products that fulfil minimum and essential capabilities, open source will be selected on the basis of its inherent flexibility." - UK Government Digital By Default Service Manual

● Maximises the advantage taken of the inherent benefits of open source

● Particularly relevant when selecting technologies for development of new software and services

3. Process

Levels of Engagement

Deep Engagement

Shallow Engagement

PureProcurement

Customisation Contribution Leadership

Selection and Procurement

• Does the traditional IT procurement process work against open source?– RFQ/RFPs require investment from the seller,

recouped from subsequent licensing and mandatory support fees.

– Companies offering support for OSS typically lack a sales team working overtime to understand, master, and win procurement competitions.

– Pre-sales trials and installations are also at cost to the vendor. For closed source, this can be recouped in later fees. For open source, its not clear how this would happen

Active Pre-Procurement• How do we ensure a good range of solutions are

considered if we don’t get responses to RFPs for some of the best options?

• One answer is to spend more effort identifying and analysing potential solutions available before issuing RFPs/RFQs. – An open relatively free-form open RFI could be

followed by a closed RFP.– SSMM is a methodology developed by OSS Watch

involving iterative evaluation and selection phases– Open Source Options (CO) and Open Source Options

for Education (OSSWatch) are resources to help identify candidate solutions

Paid Discovery Stage

• Include a budget for a paid discovery stage for OSS candidates

• In other words, engage potential OSS vendors commercially - or fund an in-house team - to help answer all of the same questions you may be expecting from closed-source vendors as part of their pre-sales activity

• Example: Moodle vs. Blackboard competition, University of Bolton

Unbundling Pre-RFP

• The pre-procurement analysis process can be used to identify ways to unbundle solutions

• For example, pre-procurement may identify an OSS product such as Drupal as the best-fit, and then go to RFP for customisation and support services.

Unbundling Post-RFP

• In some cases there are options to unbundle parts of a proposal (services, applications, middleware, database, infrastructure) and to ask the supplier to consider open source alternatives

• If open alternatives are not considered possible (e.g. “it only works on SQL Server”) this needs to be considered as a lock-in risk

Parallel Purchasing• It may be worth considering parallel processes

- and parallel RFPs - for closed-source and open-source procurement and then comparing the outcome of each in a runoff

• An example of parallel procurement is the Swedish public sector framework, Öppna programvaror

• However, the argument can be made that better value can be realised by a combined process where considerations are balanced– e.g. looking at how areas such as lock-in and exit

strategy are considered versus sustainability

Evaluating Sustainability• Sustainability involves asking questions like:

– Is anyone else using it?– Is anyone around to fix issues/apply patches?- Can I buy services and support for it?- Will it be around in 5 years time

• All software solutions should be evaluated for sustainability. However, for open source the process is different from closed source– For OSS much more of the data needed is publicly

available, and tools exist to help analyze it, from informal guidance-driven models to complex frameworks such as QSoS and BRR

– For closed source we’re more reliant on company-provided evidence

Deep Engagement

“request for partnership”

• If there are no clear existing solutions, can we procure a partnership to collaborate on a solution?

• For example, an existing project may be the best fit, but still requires additional investment in software development to support the user requirements.

• Often in the past this has been externally funded as projects e.g. Jisc, EC, and in some cases subcontracted to development partners e.g. Cottage Labs

Evaluating openness

• Where a solution requires development (partnership or internal) another key factor to evaluate is openness

• The OSS Watch Openness Rating is a simple tool for measuring how open an open source project is to engagement and collaboration

Business Case• Making the procurement process a level playing

field doesn’t need to create bureaucracy • The process can scale relative to that of the

potential procurement. – For example, using informal sustainability evaluation

for small procurements, adopting formal measures such as QSoS at large scale

• An effective process can help deliver sustained value and meet user needs

4. Practice

How does procurement practice fit into this picture?

Awareness of policies, processes and toolsUnderstanding of how open source works

and the issues involvedCapacity to effectively evaluate open

source as well as closed source solutions using standard tools

Cultural alignment with the strategy and its aims

Questions and Discussion