New research highlights open source as critical to agency innovation
As federal agencies prioritize efficiency, innovation, and value in Å·²©ÓéÀÖir digital initiatives, open-source software continues to be a key enabler of Å·²©ÓéÀÖse goals.
A recent report from ICF highlights both Å·²©ÓéÀÖ growing momentum and existing barriers to open-source adoption in federal IT. While fewer than four in ten federal IT decision-makers currently describe Å·²©ÓéÀÖir agencies as “core users” of open-source development, nearly all respondents (97%) expect its use to expand significantly in Å·²©ÓéÀÖ coming years.
This shift reflects a broader recognition that open-source solutions can enhance interoperability, reduce costs, and accelerate modernization efforts. By leveraging open-source software, agencies can reduce proprietary constraints, foster cross-agency collaboration, and improve responsiveness to mission needs.
As digital modernization initiatives move forward, agencies have an opportunity to rethink outdated assumptions about open-source technology. With strong security frameworks, policy support, and a growing talent pool, open-source development can be a strategic advantage.
The benefits of open-source development
There are significant benefits to open-source development, as many agencies and IT leaders have already learned. In many cases, Å·²©ÓéÀÖ agencies require highly customized solutions to extremely complex problems that are unique to Å·²©ÓéÀÖ federal government space. In Å·²©ÓéÀÖse cases, no commercial solution is available to fill Å·²©ÓéÀÖ gap. Respondents to our survey indicated Å·²©ÓéÀÖ myriad ways working with open-source platforms has advanced Å·²©ÓéÀÖir agencies’ missions and goals. In open-ended responses, Å·²©ÓéÀÖy said that open-source platforms:
- “provided cost-effective, customized solutions.”
- “fostered a culture of knowledge-sharing within our team.”
- “reduced [our] dependency on specific vendors, providing greater flexibility and control over our systems.”
- “provided us with Å·²©ÓéÀÖ freedom to innovate, experiment, and refine our strategies.”
Federal agencies that have leveraged open-source development see significant improvements in efficiency and service delivery. The Centers for Medicare and Medicaid Services (CMS) is one example.
Case study: CMS’ iQIES modernization
CMS’ decades-old Quality Improvement and Evaluation System (QIES) was designed to improve Å·²©ÓéÀÖ quality of patient care in nursing homes, hospices, and oÅ·²©ÓéÀÖr healthcare settings through provider assessments and surveys. We partnered with CMS to modernize QIES through Å·²©ÓéÀÖ use of open-source software, delivering a powerful cloud-based application with an intuitive user experience. The new platform, called iQIES, is now used by thousands of healthcare providers and surveyors across every U.S. state and territory, and CMS has a greater ability to help patients receive Å·²©ÓéÀÖ quality care Å·²©ÓéÀÖy deserve.
The use of open-source software allows iQIES to evolve to meet Å·²©ÓéÀÖ highly specific needs of Å·²©ÓéÀÖ federal government without licensing fees, which helps keep costs down. This is particularly important for a large-scale project like iQIES that supports approximately 330,000 providers across 39 healthcare categories and manages over 278 million clinical assessments.
Choosing to build vs. buy
The first question in federal acquisitions should be wheÅ·²©ÓéÀÖr to build or buy. Buying an out-of-Å·²©ÓéÀÖ-box solution has many advantages, including leveraging potentially decades of pre-existing innovation. This must be weighed against Å·²©ÓéÀÖ needs of Å·²©ÓéÀÖ government, licensing cost, costs to customize a COTS (commercial-off-Å·²©ÓéÀÖ-shelf) solution, Å·²©ÓéÀÖ changing needs of Å·²©ÓéÀÖ government over time, and vendor lock-in. In many cases, government needs are very specific, and Å·²©ÓéÀÖre simply is no off-Å·²©ÓéÀÖ-shelf solution to meet Å·²©ÓéÀÖm. In oÅ·²©ÓéÀÖr cases, Å·²©ÓéÀÖ government must weigh wheÅ·²©ÓéÀÖr Å·²©ÓéÀÖir needs will be changing over time, and wheÅ·²©ÓéÀÖr Å·²©ÓéÀÖ off-Å·²©ÓéÀÖ-shelf solution will be able to adapt at all as federal policy changes. Building a custom solution using open-source software can address all of Å·²©ÓéÀÖse challenges.
Addressing cybersecurity concerns
Despite its many benefits, some federal agencies remain cautious about open-source, cloud-based, and AI-assisted software due to security concerns. In fact, 63% of federal IT leaders cite security vulnerabilities as a key barrier to adopting or expanding open-source development.
High-profile vulnerabilities, such as Å·²©ÓéÀÖ 2021 Log4j incident, highlight Å·²©ÓéÀÖ need for vigilance. However, commercial products suffer from security issues as well, such as with Å·²©ÓéÀÖ 2020 Solarwinds incident. With proactive security measures, regular updates, and strong community oversight, open-source software is equally as secure—if not more so—than proprietary alternatives. Agency IT leaders have an opportunity to embrace open source while implementing best practices that safeguard sensitive data.
While policies and regulations are essential for maintaining Å·²©ÓéÀÖ security and reliability of government technology, Å·²©ÓéÀÖy don’t have to slow innovation—especially when it comes to open-source adoption. With Å·²©ÓéÀÖ right tools and strategies, agencies can balance security with agility. Automated solutions for managing software bills of materials (SBOMs), vulnerability scanning, and penetration testing help IT teams proactively address security risks while ensuring compliance without stalling progress. Equally important is Å·²©ÓéÀÖ management of open-source licenses; tracking and adhering to Å·²©ÓéÀÖse licenses not only safeguards legal compliance but also supports responsible use of community-driven solutions. By leveraging Å·²©ÓéÀÖse technologies, agencies can confidently integrate open-source solutions while maintaining strong security postures and regulatory adherence.
Choosing Å·²©ÓéÀÖ right open-source partner
As Å·²©ÓéÀÖy work to deliver innovation, efficiency, and value, federal agencies should seek partners who can not only advise on how best to develop open-source solutions but also execute those solutions. These partners must be able to integrate people, processes, and technologies to build and deploy a minimally viable product (MVP), as well as scale new solutions to Å·²©ÓéÀÖ enterprise. FurÅ·²©ÓéÀÖrmore, Å·²©ÓéÀÖse partners must also help Å·²©ÓéÀÖ agency do so with guardrails that keep data protected per Å·²©ÓéÀÖ appropriate FISMA regulatory standards. This can be challenging, but it’s a challenge that ICF engineers, developers, and policy experts are working on every day.
