Trusted Code Initiative (update 2017) - Perspective
- Last Updated: Friday, 12 May 2017 18:32
Commercial investment in technology is tied to a company's ability to realize profit from providing products and/or services. This correlation between investment and benefit provides companies with an economic metric to more directly measure a financial return on investment (ROI) for technology systems.
In addition, commercial adopters traditionally do not have the level of internal regulation including procurement, security and other policy compliance requirements that are common within public sector technology systems. As independent entities, commercial users are free to quickly adopt or terminate technologies that positively or negatively impact their bottom line. This independent accountability grants commercial interests the option to seek any level of technological innovation that may, or may not, improve performance.
While the results impact the company's ability to deliver its product or service, the ultimate accountability is to the entity's financial bottom line.
The expectations for public-sector investments in technologies are measured in a different context.
Federal, state and local government agencies are all funded with public dollars, and their primary function generally involves the collection, processing and dissemination of sensitive (personal, government or classified) information, which must be handled as consistently and securely as possible.
In addition, Government systems manage large amounts of information over long periods of time. This traditionally leads to reliance on legacy systems resulting in long-term commitments to specific architectures, protocols and practices, and dependence on a limited number of vendor-specific communities as suppliers and support providers. To structure the consistent evaluation, procurement and management of these systems, the Government maintains stringent acquisition, management and security policies and regulations.
While this approach has evolved to favor continuity and protection of the system from disruption, in many instances it results in inefficiencies from dated design and practices as well as inflated costs from lack of competition among vendors and technology solutions.
In short, Government technology systems are measured more with regard to maintaining stability in relation to the larger enterprise than on achieving technical efficiencies and economic cost savings for the agencies they serve.
To effectively achieve these goals, government systems need to streamline procurement and accreditation practices; reduce system duplication and encourage reuse and sharing of resources; temper reliance on proprietary, vendor-specific solutions; and encourage competition among suppliers by providing fair access to commodity resources.
Many of the current technical and economic efficiencies realized by commercial entities come from the use of open source software technologies and practices.
While open source software is widely used within Federal Government systems, there are still many barriers that prevent or deter larger scale adoption. By discouraging the consideration or use of viable open source software solutions, these barriers create lost opportunities that cost the government considerable, yet unknown, amounts of money, time and efficiency.
It is very difficult to quantify the technical and economic value of these “lost opportunities.” However, it is a primary objective of the Trusted Code Initiative to identify these gaps; define metrics to measure the benefits and return on investment for open source solutions used within government systems; and institute methods and practices that help recoup these losses by facilitating use of open source software by government adopters and commercial suppliers.
The Trusted Code Initiative is a collaborative vision shared by public and private-sector stakeholders that seeks to leverage the technical, administrative and economic benefits and best practices of open source software technologies to enhance the aggregate quality, security and access of all software resources available for use within Government enterprise systems.
The Trusted Code Initiative defines “Trusted Code” as open source software components, applications, development methods and practices that address the unique procurement, administrative and security requirements associated with Federal Government enterprise systems.
Trusted Code resources must meet the following criteria:
- appropriately validated or affirmed by a government-sanctioned accreditation process;
- deployed, or available for deployment, within a government technology system and affirmed by a government user or their designated representative; or,
- designated as “Trusted” by a government-sanctioned entity.
To accomplish this goal, the Trusted Code Initiative will define the standard for “Trusted Code” software components and practices based on existing government policy requirements; create a process for designating Trusted resources and practices; and facilitate the creation of a sustainable market environment that promotes adoption of the Trusted standard by government technology consumers and commercial vendors and service providers.