recommended reading

Open Source Tech is Driving Big Changes in Government

Red Hat

Open source technology is now visible everywhere in government from the basic operating systems that federal computers run on to the blogs, websites and social media tools they use to communicate with the public. Red Hat, which helps companies manage, maintain and secure open source tools, including the operating system Linux, has been at the forefront of much of this adoption.

Nextgov sat down with Red Hat CEO James Whitehurst recently to talk about how open source is changing government, where it’s had the greatest impact and where he sees it going in the future. (The interview has been edited for length and clarity).

Nextgov: Can you tell us a little about open source’s initial path into government?

Whitehurst: Enterprise open source is about 10 years old. When you think broadly about early adopters, it was two main sectors: financial services and the intelligence community. People think of open source now as low cost but the initial interest was because of high performance. The financial community used it because running Linux [the most common open source operating system] was faster for doing trading platforms. Then the major investment banks all moved over and that’s rippled through financial services.

There was a similar dynamic in government. The largest sector for us, both in the U.S. and globally, is the intelligence community and that was primarily around security. We actually partnered with the [National Security Agency] and wrote the security regime that says use enterprise Linux. This would’ve been in the early 2000s. It’s called SE Linux, or security enhanced Linux. So, they deployed it broadly and it went from the Intel community to the military. Now, I think, every Army vehicle has Linux on it on a little server. From there it moved to civilian agencies and that’s more related to cost than performance.

There’s a classic story we tell about joining those two early adopters. We had a collaboration in the mid-2000s with the Navy, which was looking to upgrade its missile defense. When someone shoots a missile at a ship you want to be able to react very quickly. There’s something called a real time kernel you can put in an operating system where you get a guaranteed maximum performance to run an instruction. It’s actually a bunch of changes that say the longest code path possible in the worst-case situation can be no longer than X for this operation. It’s a lot of work to do that. We did that with the Navy for missile defense but it’s now used by every major stock exchange because you also want a real time kernel when you’re running a trading platform so you have a maximum guaranteed time to get a trade done.

Nextgov: If open source is secure enough for NSA where does the anxiety about it come from?

Whitehurst: The biggest confusion is between open source vs. enterprise open source. Open source is a development model. In this development model, the source code is free and open so anybody can download it and use a version. What people get concerned about is ‘am I downloading bugs? Am I downloading something I don't have a license for?’ The simple answer to that is ‘yeah that’s right.’ But that’s the role a company like Red Hat plays. We know the vintage of every line of code and we have strong security. So when you download from Red Hat you know it’s secure. Commercial open source is a very different animal from the free stuff.

Nextgov: How is Red Hat doing with government sales?

Whitehurst: In general we’re growing at 20-ish percent per year for subscription sales and software sales. That's somewhat faster in the government and with budgets basically flat that’s a nice solid growth rate.

Nextgov: Has that changed with sequestration?

Whitehurst: We’ve had a few consulting engagements trimmed on the margins but overall we haven’t seen a major impact yet.

We have two different vectors we sell on. One is innovation. We say "modern architectures are all built on open source so let me tell you about that.” When the economy is going well and budgets are growing, we go in with that message. When times are tough, we go in with value, value, value. We say replace Unix [a standard type of operating system] with Linux and you’re going to free up dollars on day one.

Nextgov: Do you think IT is more sequestration-resistant or recession-resistant?

Whitehurst: That’s always been the theory in IT, that it replaces dollars elsewhere. I don’t think IT will be immune. We have seen new project starts decline, so it can impact the trajectory of growth a little. I don't think it’s as bad in IT, but you can see flat-ish budgets if not down. We’ll have to wait and see how it plays out.

Nexgov: Is government contributing to open source?

Whitehurst: SE Linux and all the work we did with the NSA on that is one prime example. One irony is that Red Hat Enterprise Linux is the most secure open source operating system certified by the Russian military and the reason is because of the SE Linux work the NSA did.

Nextgov: So if the U.S. military and the Russian military both have SE Linux how can it be secure?

Whitehurst: Well it’s secure because people can look at every line and say "we don’t see a way to pierce this." The other security component is the policies about "if I have this password what do I get access to on this system," etc.

The only difference between the U.S. and the Russian versions is that the Russian scientists look at every line of the source code and then we have to compile it on a Russian computer. It’s exactly the same as [the U.S. version] but they want to see it compiled on their system before that source code turns into ones and zeroes to make sure nobody slipped anything in.

Nextgov: What market share does open source have in government?

Whitehurst: It’s hard to really tell. I’d say the government overall looks similar to commercial markets where Red Hat represents about a 20-ish percent share of server operating systems and about half [of all operating systems] are open source now. We’re more heavily weighted in defense and intel and a little underweighted in civilian the same way we’re over-weighted in financial services and under weighted in, say, healthcare.

Nextgov: Will open source ever have 100 percent share?

Whitehurst: It will be approaching some number less than 100. There will always be a need for an IBM mainframe for some very specific applications. Also Outlook only runs on Windows servers and there’s a set of applications that are tied to the Windows franchise.

Nextgov: What do you see in the future for open source?

Whitehurst: When open source was first applied as a development tool people looked at traditional categories of software that had been around for 20 years and open source commoditized things that had gotten older and longer in the tooth. That was why Linux was cheaper than Unix.

But in the past 10 years with the birth of these web 2.0 companies they do everything in open source. All of a sudden, it’s not as much about commoditizing existing categories. It’s that new stuff is happening first in open source. The easy example is big data. It’s tough to name a single propriety innovation in big data. They've all come out of open source.

We’re at an inflection point where more innovation is happening first in open source and we’re going to get to a point where most of it is hanging there. When that happens, we’re going to see fewer vendors building a propriety solution and guessing what customers want and more vendors saying ‘okay what are the technologies that the large factories of the future -- the Googles and Amazons and Facebooks -- are using and then taking that technology and applying it to customers.

There are a lot of implications when we shift to a model where IT is less about inventing intellectual property and selling it and more about sharing intellectual property and adding value on top of it. In the past if you were a [chief information officer] at an agency you sat down with a company and said: "Is this a vision I believe in? Are the financials of this company stable long term? Is this something I want to invest in?"

Now you’ll be saying: "Here’s a technology. How powerful is the community that's using this technology? How stable is that community? Do I want to invest my business in it?" All of a sudden companies become less important to where and how technologies are emerging.

Nextgov: That basically seems like the Red Hat model.

Whitehurst: There are very few companies Red Hat’s size that made it, that didn’t either fail or get gobbled up. One of the reasons we were able to do it is, when we were smaller, part of our sales pitch was ‘you don’t have to trust Red Hat is going to be around. You just have to trust that Linux will be around. We can go away.’

One of our biggest challenges is customers can say: ‘I’m not getting enough value, I’m not going to renew this subscription but I'll keep the code thank you very much.’ But that keeps us on our toes, trying to build a business model where we’re always providing value. 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.