I should probably add a little story to this so you can see why we need such a rule.
When I was in 9th grade, we had our IT at school done through an old, outdated, slow and expensive Novel server, supported by a WindowsNT machine to provide internet connectivity. The system was a pain to use and only one person actually could. He made the accounts and did all the maintenance.
We set up a Linux server to replace it, and at a fraction of the costs and with typical hardware we managed to create an experience that was worlds ahead of what the previous system offered. We trained the admins for free and offered to train every single teacher for a very, very low price.
In order to formalize the whole thing we offered ongoing support through a local company at a very low rate. The system was working great after all and all staff was happy, so we assumed our offer to be accepted.
But, it turned out differently. Novel and Microsoft both got informed of our efforts and made new offers, which were then further cheapened by additional money from the county for these "valuable" products. We tried to get the same support but surprise, surprise, that one was reserved for "well known products with a proven value". We were still cheaper, but not by enough anymore. And in the end they bought more licenses from Microsoft and a new server from Novel. International companies got the money and the local provider which was cheaper, offered better value and service was left standing with pro-bono work they did with us to secure the contract.
It's not really about dictating the use of OSS software, it's about a level playfield for everybody.

Actually, it is the inherent security of Linux and its non-MS cousins that makes it an undesirable target for viruses, not its lack of adoption (which is debatable, when you consider the majority of internet servers are already running some form of *nix). In order to infect a Linux machine with a destructive virus, you have to manually do at least a half dozen really stupid things to your machine machine first, as would everyone the virus attempted to propagate to. Most of those steps are things a normal user would never try or even know how to do and an informed user would just not do. This is completely unlike Windows, where all you have to really do is double-click on an infected e-mail attachment or other file to get hit with a virus.

Yeah - viruses don't really work on Linux because of the need for user interaction.
A virus on Linux currently only consists of a list of commands which can easily be reviewed before being executed, so it's not really a virus at all just a list of stupid commands.
Things like sudo rm -rf / and other destructive things.
Oh - and never run the command I put up there. Seriously.

While it's ostensibly a good idea, I feel it is actually a terrible one and could end up costing just as much money if not more.
When it comes to computers, a great number of people suffer from a sort of functional fixedness where they have learned a particular program or operating system but find themselves unable to carry over all but the most basic knowledge to a new version, even if most of its functionality is the same or is presented in a clearer manner. For instance, look at Office 2007; the long-term efficiency benefits of the Ribbon UI were clear, but the vastly different presentation meant that companies had to spend weeks training their employees to use the new system; even after this training, some of these fixated employees hate the new system and continue to struggle with it. This transition period would be ten times worse with Linux or OpenOffice, which have even greater differences than a new version of a Microsoft product does. Additionally, any new employees would come from a company which had been using MS products, so they too would need retraining.
Similarly, in classroom situations it is best that students learn Office and Windows so that they are able to smoothly transition into employment; while people like you and me could easily adapt to a new office suite or even a different operating system, for those who can't adapt this exposure to open-source would be absolutely worthless because they are incapable of bringing that knowledge with them to other similar programs.
Microsoft's near-total monopoly on operating systems and office suites isn't exactly a good thing, but choosing open source just because of the ostensible savings isn't necessarily the best solution to this.

With increased popularity comes increased exploits, this is unavoidable.
That about sums up my perceived security concerns. If the government declares it's using open source software, they increase the risk of someone intentionally trying to slip malicious codes into programs they know the government to be using.
Sure there are exploits in the Microsoft products, but that's also down to them being the most widely used. But seeing as Microsoft code is not open source, and thus not that widely available, you should be able to expect the number of exploits to be far less than an open source project once it reaches the same level of use.
Besides, the UK government is terrible with it's carelessness of PCs anyhow how, how many have they accidentally lost on trains now?

See, that's the beauty of Open Source, since everyone can look at the source code, no one can "slip something in"; everything they code is potentially subject to review by the entire Open Source community. If anyone were to place something malicious into a program, the code would likely never make it into the the actual tree and if it did, it would be caught and removed long before anyone actually used it.
The same is true of when exploitable flaws are found in existing code. Unlike with MS, which does not inform its consumers of potential flaws until they actually have a fix ready, even if they have known about a flaw for months, flaws in Open Source software are announced the moment they are discovered and are often fixed within days. I have actually seen flaws discovered and fixed within a matter of hours.
There are actually more flaws in MS products because it is closed source. Since only the limited programmers that MS has on the payroll have ever looked at the code, there is ample opportunity for flaws to go unnoticed, while an Open Source system like Linux has literally millions of programmers looking at the code on a daily basis. More eyes on the subject means much less goes unnoticed and much more gets fixed.

QFT. One advantage open source, and free software too, have is that because of their open nature anyone can look at the code and see if theres something not working right. It's completely transparent. Which is unlike microsoft's products, which are closed, and follow that "security through obscurity" thing that has been proven that doesnt work.

This is not a good idea.
But don't get me wrong, I love open source. I love the flexibility, I love not being tied to a proprietary system. But seriously, the thing about open source in the government is that not enough taxpayers know what it is. And speaking of taxpayers, let's say purchasing multiple copies of $200 software for different departments, all that money spread out over a ton of taxpayers, I think it doesn't really matter.
Also, training users is a problem. While if I were to move to say, Fedora, I could look it up on the Internet, read a For Dummies book, etc. But this is a government we're talking about here. People don't have the time to learn an entirely different OS, different software suites, etc. Sure, KDE and Windows are similar, but there's still a ton of stuff that's different. Also, around 80-90% of computer users use Windows (which is bad, but whatever). Teaching kids to use Linux in schools would mean that once they get out to the real world, they wouldn't really "get" Windows. And furthermore, there are no licenses to pay for after you purchase the program. Once you buy it, it's yours.
That's just my two cents (pence?), take it for what you will.

I agree with you Weclock. Let's celebrate...
Anyway never mind that linux boxes get rooted more often than people like to admit (and I know this from experience). Clearly the dumb VBScript script-kiddie "viruses" are the -only- security problem we should care about...
I KNOW that Windows code is god awful at points (and believe me I'm well acquainted with the Win32 API enough to know. Sometimes I just curl up into a ball and cry) . However I've seen some code in the linux kernel that defies logic (think "goto" - oh and just so people don't start crying... there's some brilliant shit in there too). I guess that's the advantage of OSS, I can criticize it without having to guess what kind of nightmare is going on inside. In the end it's all written by people and people make dumb mistakes. Mistakes that sometimes escape attention no matter how many eyes are looking at it.
Regardless of OSS and the ability to correct those mistakes, I'm certainly not going to touch it. I have no desire to spend my time fixing the mistakes of others, just my own.
I'm done. I dare not get involved in a linux/oss vs. Microsoft argument, which is what this will become. Those kinds of arguments are for retards.

More than that, a lot of the software being used is bought through OEM or volume licensing, which means it ends up costing significantly less on a per-unit basis than the listed price at retail.

See, that's the beauty of Open Source, since everyone can look at the source code, no one can "slip something in"; everything they code is potentially subject to review by the entire Open Source community.
You'd think nothing could be slipped in; but I've seen it happen in open source projects in the past. And it will certainly happen again, especially if "prime targets" are moving over to such software. Open source software is great in situations where real security is of no concern, but in more high sensitive areas; unless you have the specific staff to ensure security in oyur own business environment, it's just not a wise thing to use.

However, "prime targets" like the US military and NASA have been using Linux and Open Source software for years already with no security issues whatsoever. Additionally, as I said earlier, the majority of internet servers are already running some form of *nix, many of them completely Open Source Linux. The code at the heart of the OS and most of its subordinate applications gets so much scrutiny, there is almost no way someone could actually slip in a backdoor or other flaw into the system (intentionally). Sure, some lesser applications, such as something custom or purpose-specific might be a bit riskier, but honestly, it would be no riskier than a closed source application that you can't look at and find the errors or malicious intent yourself.

Unless you have literally hundreds of people with commit access, anything slipped in will likely be detected within a definite period of time- depending on the popularity of the project, it could take minutes or months. The first thing that popped into my head was when non-Free content was slipped into OpenArena- this caused OA downloads to be pulled down for nearly two months. Media content, however, is more ambiguous than source code, in my opinion.

They'd also have some of the planets best IT staff, it wouldn't be all *nix responsible for the good security, plenty of routers, firewalls & DMZs before an intruder could hit the server subnet