However, having worked briefly with the ATO (and being subjected to security checks myself before I was allowed to waste tax payers money by sitting idle for two months waiting for approval from ATO to have a userid created for the classified systems), I can offer this insight: the concern may be that with Open Source software, there are parts of code that are contributed by untrusted sources, so that they *must* scrutinise the code in order to be assured it is safe. The obvious conclusion being that Proprietary code is magically (or contractually) imbued with trust by being the source of all good Bits.

I fail to see any logic here either, but that was the impression I got: ATO can “trust” Proprietary software because they know who to blame when it’s found to be insecure (assuming it’s found). But they don’t know who to blame for Open Source, and they don’t have the resources to scrutinise it.

The opportunity for IT companies that wish to engage the ATO with Open Source solutions is to be the agency that does the scrutinising on ATO’s behalf. That is where HP ES should be focussing — after all, EDS was always a company that “didn’t make anything”. Open Source logically fits best with what Applications Services does: customising COTS software for clients’ specific needs. And Open Source is far more customisable.

We just have to get through the acceptance barrier and offer to warrant the software ourselves.