Open Source Opens Opportunities for Small Companies in the Defense Department Space

Until recently, small or non-traditional defense companies had very few opportunities to win lucrative Department of Defense (DoD) contracts. However, through a change in their contract award approach and the embrace of Open Source Software (OSS) as a strategic accelerator for new and innovative solutions, the DoD has opened the door to many smaller and midsize companies to actively contribute.

OSS opens the door for any development company to create unique and valuable applications in a relatively short amount of time. This allows them to focus on their differentiators, while not spending massive amounts of resources in building out the basic building blocks that are the table stakes but are not closing the deal.

How Smaller Companies Compete for DoD Opportunities

The DoD made a significant change in their procurement approach in 2017 that opened the door for small, non-traditional defense companies to receive funding for innovative technology. In addition to the large, multi-year acquisition processes that only the large established defense contractors were equipped to participate in, the DoD reformed this approach by introducing Other Transaction Authority (OTA) contracts. It allows for prototype development contracts of up to $250 million in funding exclusively for small businesses that were new to defense contracting.

Despite the complexity of the typical, large DoD contracts, OTAs allow for phased delivery of more tightly defined but still innovative solutions, opening the door for non-traditional companies to compete. This, combined with the DoD embrace of open source, is actually a major competitive advantage for smaller companies to prove the validity of their innovations.

Open Source — Widely Adopted Already

You are probably very familiar with open source: specific functionality as simple as a calendar widget, or entire applications such as an Apache webserver developed by a community of volunteer developers. These communities are non-profit groups, loosely organized, decentralized from all over the world, working together on a common software problem or capability. The code is made available under a few different license models, most allowing to change and distribute the software freely, even in commercial applications. Widely used software such as Linux and the Android Operating System, Firefox web browser, and WordPress content management systems have been developed this way and are still evolving based on volunteer efforts.

Open source has been widely adopted not just by developers but by Enterprise IT organizations and the DoD as well. Red Hat in its “The State of Enterprise Open Source” reported that “90% of IT leaders surveyed are using enterprise open source today” and 82% agreed that “enterprise open source is used by the most innovative companies.”  The DoD embraced open source software in the early 2000s, and in the Red Hat report Dr. Lisa Costa, Director, C4I and CIO, Special Operations Command, Department of Defense is quoted: “We could not do this alone. This is about partnership — the open source community is absolutely critical — our other government teammates as well. We want to take advantage of what they’ve already learned, and we want to share what we’ve learned.”

And it is prevalent throughout industry verticals. Synopsys in its “2020 Open Source Security and Risk Analysis (OSSRA) Report” reported it found that 99% of codebases audited in 2019 contained open source components with up to 70% of the codebase being open source.

The Benefits of Open Source – Key to Innovative Development and Faster Time to Market

In essence, (OSS) reduces development time, provides innovation and expertise that smaller companies have no access to, reduces licensing and royalty costs, provides more secure code, and even creates a development environment that younger developers enjoy working in.

Access to talent and expertise — Unlike the general perception that open source is mostly developed by college students, the caliber of developers working on open source projects is stunning. The Linux Foundation and the Laboratory for Innovation Science at Harvard in their 2020 report “Vulnerabilities in the Core” analyzed the open source platform GitHub and identified developers contributing under their Microsoft, Google, IBM, or Intel employee email addresses were the most active contributors to the projects. This provides access to a wider pool of innovative talent most smaller companies would have no access to.

Furthermore, this approach can attract many younger developers, as they are very familiar with the use of open source, and enjoy working on leading-edge projects, show quick successes, appreciate the recognition by their peers, and are keen to learn and make a contribution.

Cost and time savings — Having ready access to entire building blocks or applications that showcase the small companies’ innovation that would otherwise take weeks or months of internal development, reduces time to market and development costs significantly. Though maybe not perfect, they allow for sharing early prototypes quickly, which is especially important in DoD OTA contracts, that are targeting quick delivery of innovative technology.

Security and maintainability — Another misconception is that open source is vulnerable to malicious code being intentionally or unintentionally built into the software. The danger is actually higher for commercial proprietary software, as we have recently seen through the Solarwinds attack, where hackers injected malicious software into the commercial product software without the development team noticing. As open source development is decentralized and done by volunteer developers without the pressure of corporate deadlines, any new code inserted into the code base is reviewed by developers of diverse backgrounds. If problems or vulnerabilities are identified, they are fixed and communicated in few days, often before those issues become exploited.

A Case Study in Innovation Through Open Source

An example of this approach is Axellio, a medium-size, previously commercial enterprise-focused business in Colorado that augmented its innovative technology with open source security applications to deliver its first-ever DoD project.

With a history of high-density storage platforms, Axellio submitted a proposal to the DoD for a high-speed, high-density packet capture solution and won an OTA contract for this unique solution. While further refining the solution with the defense department it became clear that there was an additional need for security monitoring and analysis applications, some of which the DoD was already actively using. Axellio expanded its existing solution using several open source security applications such as Zeek and Security Onion that analyze and identify patterns of cyberattacks and provide analysis tools for security experts. With this approach, Axellio was able to deliver a brand-new hardware and software product line in under a year to the DoD. In addition to using open source, the team expanded and hired several security experts, that were quickly integrated into the development team due to the open source applications they were already familiar with. This combination of innovative technology combined with readily available open source security tools, allowed the DoD to utilize security applications they were already familiar with while providing a new level of detail and reliability that was previously not attainable.

Conclusion

Small and non-traditional companies have a better chance than ever to win DoD contracts through the combination of OTA contracts and the embrace of the DoD for open source software. Never could new products and concepts be developed faster by focusing on the differentiating aspects of a solution, while taking advantage of vast open source infrastructure for the general but necessary components to develop a complete solution.