A few months back we spent a good many hours responding to a major public university’s RFP for a website. Although we were told that we “made the final three,” in the end we didn’t win the job. Only after a contract was awarded to a competitor for more than twice the amount we quoted did we discover that the website was for a top-secret project that was funded by the federal government.
The RFP mandated a CMS (content management system) and specific functionality. As we went through the list of requirements, we made mental notes on which WordPress plugins we would use to deliver the required capabilities. When we reached the end of the list we felt encouraged by the fact that we had everything covered. We used a bid/no-bid decision tool that our customer, GovRealm, created to help contractors evaluate opportunities. Everything looked good, so we decided to bid on the job.
With hindsight we realize that we were naive. Although the RFP didn’t say this was a classified job – the Intelligence Community doesn’t generally broadcast such things – we probably should have read between the lines. When the RFP required bidders to disclose the countries of origin for all proposed software, we probably should have realized that national security was at stake. Oh, well. Live and learn.
It wasn’t until we started researching the origins of the plugins we typically use that we realized how global WordPress has become. The software was authored all over the world. It would have been impossible to deliver a typical WordPress website without foreign software.
We now realize that the winning bidder must have proposed either a proprietary CMS or WordPress with custom plugins to substitute for foreign ones. No wonder it cost more than twice as much!
This illustrates a major problem that the Intel Community faces. Twenty-five percent of all websites are developed on WordPress, an open-source, international, grassroots platform. Disallowing off-the-shelf web solutions like WordPress restricts the number of developers who can perform work for the federal government and drives prices up significantly.
We see a largely unaddressed opportunity. How can the WordPress core and off-the-shelf themes and plugins be secured so that Intel Community websites can be built with WordPress? Before you scoff, remember that Blackberries weren’t secure until President Obama wanted to continue using his after he was elected. The development team that solves this problem might find itself very busy!