We often discuss the many benefits of open source software. The single most important factor, the one that all benefits emerge from, is open. This is actually at the heart of what the software is, a community-driven software package with full transparency into the code base. Governments care about open source because it provides three powerful benefits: monetary savings, improved quality, and better security and privacy. This last benefit is often less-than-obvious, but equally important.
Security and privacy are emergent benefits from the open nature of open source. Following are some areas that lead to this improvement in security and privacy.
There is power in numbers.
The open source community is one of the software’s greatest assets, as it provides open source projects with a natural force multiplier. The community collectively gathers its insights to proactively identify security risks and rapidly mitigate issues. The ability to respond quickly in urgent situations is especially important to government agencies that need to quickly address potential security risks.
Trust is of utmost value.
The openness of open source software is personified when organizations bring in their own third-party experts for security and privacy audits and can go as far as confirming the efficacy of a patch. This extends to the ability to analyze code to ensure no "skeleton keys," proprietary code or hidden software components exist, which could detrimentally impact compliance, security, or privacy. Users do not have to put their trust in another vendor, they can confirm it for themselves. As the saying goes: "trust but verify."
Leverage is key.
The open nature of open source software provides government agencies with the ability to extend software projects and customize them to best fit specific needs. This is especially attractive to government agencies around the world, as they are subject to nuanced security and compliance laws. The option to layer in prebuilt and completely customized software modules can dramatically improve government agencies’ interoperability with government-wide security standards, e.g. the Federal Information Processing Standard (FIPS) or HSPD-12. By allowing agencies to customize their solutions with standard open source licensing models, the agencies can reduce complex infrastructure that can cause provisioning and life-cycle management headaches.
With the ability to move quickly, easily integrate, and review the code’s security firsthand, it is really no surprise that many governments are turning to open source software for their IT projects and initiatives. Despite this acceptance of open source, adoption of open source email systems is lacking. Because email systems house and transmit sensitive information that government agencies must keep secure, open source software’s advantages in privacy and security make it an attractive choice for email, especially among government agencies.
Interestingly, in a soon-to-publish Ponemon Institute survey (sponsored by Zimbra), there are differences in the views of privacy and security. However, despite your location, open source improves both of these features, excluding aspects of privacy associated with data locality. The transparency and flexible deployment options help both sides of the Atlantic address the needs they consider most prevalent.