Huh?
"Though the agency has little experience with public open source work..."
Do you mean with applications or just in general?
Because Flask aka SELinux, which is a mainstay security enhancement on most distributions of Linux and BSD used in Enterprise (RHEL is the best example, I believe Ubuntu has it, and all of the major versions of BSD also have it), was developed and implemented at NSA/CSS* with cooperation from the University of Utah. Utah provided a research version of the GNU/Linux OS called Fluke and NSA/CSS provided the enhancement.
So when it comes to pure applications, no NSA/CSS really hasn't done much public open source work. Im sure there are classified programs that are open-sourced inside the Agency but if its classified, does it really make the code open source?
-----------------------------------------------------------------------------------------
*NSA's proper name is NSA/CSS, it means National Security Agency/Central Security Service. The CSS isn't as well known, its mostly a fusion agency for COMINT and MASINT collected by the various Military Intelligence Agencies, like US Army Intelligence and Security Command, the US Naval Security Group, Coast Guard Intelligence, US Marine Corps Intelligence, and the US Air Force Intelligence, Surveillance, and Reconnaissance Agency.