Public Money, Public Code (publiccode.eu)
431 points by encodedrose on May 5, 2023 | 148 comments



The largest branch of the Norwegian government, the Labor and Welfare Administration (NAV), has adopted this policy since 2018, and now we have over 2000 public repositories on https://github.com/navikt and https://github.com/nais (the last one is our platform organization).


What if we, and hear me out, just stole Norway’s code?

/a



Just comment out healthcare and a couple of other things and you’re good to go!

In reality though it would be possible to share code between cities, regions and even countries. Some use cases are fairly generic.


It’s an application for a CMS, but they probably already have them.

Local newspapers, for instance, use CMSes too but there’s still a lot of random bespoke work that goes into them.


I think we also celebrate with cake if someone has a pull request from someone else that gets approved?


Yes, we definitely do that! Talking about cake, can someone from HN make a pull request, please?!


Way to go Norway


I work for a nonprofit. Most of the git repos are public but nobody cares. It's all pretty uninteresting.


For us it is a matter of building trust and allowing others to help if they choose to. We don’t expect many outside contributions.


Is it uninteresting, or just not scalable for a human to dig through; a content vs. index/search problem?


I read uninteresting as not very useful for an external party in general. It was likely developed for an organization's fairly unique needs, is probably not very well documented, and there's no community in the sense that most genuinely useful open source projects have. Dumping a big one-off repo of code is fine, but probably no one's going to put the work into seeing if this project that was never intended to be general-purpose is worth trying to adapt for something else.


Exactly this. It's like our websites and some other tools for our particular needs. We have, on rare occasion, gotten PRs from earnest supporters but they have no idea what our product needs are and we can't just merge in stuff that nobody asked for and hasn't been tested.


There are four reasons this is difficult to actually make work:

A. Most people in government positions don't know/care about open source. Nobody will educate them for the following reasons.

B. Most private implementors don't want to open source stuff because it will make it easier for other companies to study their code, making it easy for them to get contracts for updates to that code. Avoiding open source in general also increases the total cost, so more profit for the implementing party (e.g. also selling Oracle licenses is much better than using PostgreSQL).

C. Code in the open is easier for hackers to audit for exploits. This is even more problematic because government code is supported by private contracts and may be left unsupported for some time due to bureaucracy.

D. This is the most important. Open sourcing projects opens the door for cost auditing. We've seen crazy things like simple CMSs costing millions of euros. Although these may be simple WordPress sites, they get away with them because they can say that they are custom implemented, have a huge back office, etc. Open sourcing them will reveal the scam.

Source: I work in a public sector organisation in an EU country and have dealt many times with projects by outside contractors.


You point out that things are not as they should be and argue that changing them will be hard, because that's how they are... to me, these points are a great motivation to introduce the legislation:

A. Such initiatives make government aware of the value of open-source systems to the public.

B. Ok, then this legislation would contribute to the reduction of inequality.

C. Better to fix bugs early than wait until they have catastrophic consequences.

D. Are you saying that we should let bad things continue happening?


A. Few people outside of tech care; this won't bring votes.

B. Yes but the private contractors like the current status quo. More profit for them.

C. It's not always possible. Bureaucracy is a very big factor in such cases and it can't be fixed.

D. Of course not. The thing is that there are a lot of people that "profit" from this situation. And unfortunately these are more or less the same people that can decide in favour of making the open source everything move. And because of A there won't be much pressure for changes.


C. The biggest roadblock to open-sourcing is the low quality of code. When we open-source, it is usually total crap that only hinders the image of public institutions. Really important, high-value code stays in private hands, like this price matching algorithm for EU energy markets [1]

[1] https://www.nordpoolgroup.com/globalassets/download-center/s...


A. Tech is huge. 4% of the US workforce is the universally cited number.

EU ICT workers are 9 mln out of a 193 mln workforce, i.e. 4.7%. We are just not aware of our political power.


D. How would you audit open source? Using sloccount and its estimate of man-hours based on the Basic COCOMO model? This is laughable at best. Yes, it puts public spending under scrutiny and puts public institutions into a defensive position. But this is how things are in healthy democracies already.


B. I work for public institutions, and I use Postgres, not Oracle. When Docker Desktop hit, we moved to podman. Public procurement is hell, Open Source is the default option, and only Red Hat and VMware still reap billions in profits from new public contracts.


A. Not my experience.

B. Because they're chasing the market valuation of software companies, not services / consulting companies.

C. Untrue.

D. Sure. Revolving door promotions, conflict of interest, yadda yadda. More reason to advocate FOSS.


I’ve heard those exact words from a government developer in Berlin and it felt really good to hear. Imagine making pull requests to improve government services! Some people would gladly do it.


The Labor and Welfare Administration (NAV) of the Norwegian government is doing exactly that. We have been opening up our code since 2018 and are accepting pull requests across our 2000 public repositories from those who want to improve government services: https://github.com/navikt. This has also enabled much closer collaboration between new and existing partners that was previously unheard of!


This seems so obvious, it's crazy this isn't being done everywhere.


I think the main reason why this is not done actively in Germany is a lack of people with expertise. Lots of old guys from the pre-internet era are taking care of the technical systems. Unfortunately, the gov is not doing much to make at least official positions attractive to young programmers. And of course, if it's done by a contractor, they do not want to share any code with the public.

The only somewhat positive example from the recent past is the Corona warning app: https://github.com/corona-warn-app


This might be because the government is a really unattractive employer both in terms of culture and remuneration.

However I have met some truly brilliant people working for the city of Berlin. They're just limited by red tape and diffusion of responsibilities, not to mention the amount of work that needs doing.

Opening the code up to pull requests could give the city IT a free boost from motivated citizens, I think.


I don't think it's everything, but the UK gov has a github account where you can do just that https://github.com/alphagov


alphagov is GOV.UK and shared services which are part of the "Government as a Platform" service line. Things like GOV.UK Notify (Twilio), GOV.UK Design System (Bootstrap), GOV.UK Service Manual (Ops manual), GOV.UK PaaS (Heroku, now defunct), and so on.

Every major UK government department has their own GitHub orgs:

- Healthcare, NHS: https://github.com/nhsuk/

- Education, DFE: https://github.com/DFE-Digital

- Justice, MOJ: https://github.com/ministryofjustice

- Taxes, HMRC: https://github.com/hmrc

And on and on the list goes.

Many things are private, but the 10th UK Government Design Principle is "make things open: it makes things better" https://www.gov.uk/guidance/government-design-principles#mak...


Imagine getting 10,000 pull requests and 7 originate from KGB hackers that solve a real problem but contain a vulnerability.


Imagine contracting a company and their programmer is a KGB hacker and nobody is ever allowed to see the source code.


That's true, but, to be fair, it might be easier to order an anti-hacker CIA background check for a contracted company of 100+ employees than for 10,000 pseudo-anonymous GitHub users.


Yeah, but how often do you perform that check? In the end it is all about the code and whether it can be checked.

And I have to say my personal confidence in the quality of governmental code is higher if it is open source than if it wasn't — because I know some pretty paranoid people who would for sure check that code better than any contractor ever would.


Why bother when KGB hackers can already find a dozen vulnerabilities just by looking sideways at a closed source project built by the most well-meaning team?


Wow, even using "Russians under the bed" to attack FOSS now.


even worse, we know for a fact all the shit the NSA did to our software, but muh spoopy russians instead


Valid risk [0], but that shouldn't keep the gov from making the code public. Open source / free software has its unique challenges, but it's a fairer model to people, and also it doesn't have the challenges that arise from the code being "secret".

[0] example with the Linux kernel: https://www.theverge.com/2021/4/22/22398156/university-minne...


So I guess the solution is to not use open source, and force the KGB to have their agents hired as regular employees instead?


It's risk management. Close 10,000 quick wins and hypothetically introduce 7?

Many bug fixes open new bugs anyway due to poor architecture; this is what we should focus on.

The PRC is a greater threat than Russia anyway.


How about Public Money, Public Data? For instance, there’s a whole industry around finding public legal information about companies. States’ websites offer throttled database access, some offer data for free, but most sell it for dozens of thousands of dollars (officially).


There should be a fee, but a fee equal to how much storage and access cost, so a very small one.

If you put no fee, some big actors will create non-optimized crawlers and call the service in a loop, wasting your tax money.

A small fee means people will take care to only get exactly the data they need, cache what they need to cache, and refresh only if they really need to, and only what they really need to.

Otherwise, it's the tragedy of the commons.


Public data is not always that nice.

In Sweden most government data is public, which includes individuals' tax records.

That generates things such as news articles like "The 50 people in your area that had the highest income last year", with home addresses and everything, and you can look up income instantly on the web.

Some level of privacy for this would be nice to have.


Italy does: both datasets and public websites, but it's Italy and the list is more incomplete than not.

see https://github.com/italia


This has always puzzled me. Companies get millions from the taxpayers for certain projects to develop their (something).

Then another company gets another million to develop the same or a similar thing.

Why is it not required that if you get taxpayers' money, the results should be available for free to everyone, let's say after a 12 month grace period??


> Why is it not required that if you get taxpayers' money, the results should be available for free to everyone, let's say after a 12 month grace period??

Probably depends on the development in question, but in general the ability to resell something to someone else changes the calculations for contract work. If you want me to develop something and then own it, that is not the same deal as me developing something that I get to sell to someone else, too.

Some might also consider it undermining their own industry. Instead of building up software companies, it is essentially the government building a huge software department.


It also depends on the nature of the software. Administrative software can usually be exported without issue because it doesn't threaten the administrative service. But certain technology is a strategic investment to create a domestic industry that can self-fund expensive R&D, so you may need a moat if it's inexpensive to copy the result.


> Some might also consider it undermining their own industry

Especially if that industry has evolved into suckling at the government's teat. Taxpayer milk is the sweetest milk.


And the worst: taxpayers' 99% funded organizations, for example for traveling or some other area, make the same sh*t as other orgs already did 3 times, yet they do not share any of the information.


The extra money is needed to corrupt the people doing procurement…


Because that would be bad for society. It's important that money moves around as much as possible--every time it does, value is created. Think of it like the water cycle. By increasing the output of the sun (enacting laws to keep publicly-funded code private), we cause lots more money to evaporate from the taxpayer oceans (by solving the same problem repeatedly), and that in turn creates lots more fiscalonimbus clouds in the upper ten percentosphere (where you can find, e.g., large consulting businesses and shareholders). Before long, all that evaporated money (it's actually stock now, the most interesting property of which is that its value expands and contracts to fit whatever everyone thinks it should be worth) will start to precipitate when it's liquidated again, see? From there it rains on unspecified economic mountains and valleys, and eventually trickles back down into the ocean again.

You might point out that increasing the output of the sun in the real world actually results in a scorched, uninhabitable earth, and also that that's not how any of this works, but hey, no analogy is perfect. And this one is plenty good enough to convince voters.


But the issue here is that taxpayer's money is never sufficient. If not used on software projects it could always be used to speed up public infrastructure building, increase salaries in important public jobs like healthcare or teaching, or any one of a billion things that would be far less wasteful and still put that money back into the economy.


I kinda hoped that by the time people got as far as "fiscalonimbus" they would have caught on that this is a send up of economic conversations in internet comment threads.


What?

That money isn't disappearing, it goes to the company but also to its employees.

They then return it to the economy.

What you're suggesting is that the taxpayers spend their money and get nothing in return - it's corporate socialism.


There are a lot of good reasons to do this, even if it's just better interop between different branches of the government, all cool.

However, you then realize that the military is funded by public money. I'd wager you don't want fighter jet or missile guidance software to be open source.

The idea is way too simplistic and lacks nuance.


Great, now use that clearly specialized use case to drive public policy for every single common use case. There is such a thing as bad faith arguments. By default everything publicly paid for should be open sourced; if there are cases where an exception is needed, like the military, then exceptions can be made on an application basis.


GP wrote

> The idea is way too simplistic and lacks nuance.

and you wrote

> There is such a thing as bad faith arguments.

Why is it a bad faith argument? GP clearly admitted that no straightforward solution that treats every case the same is going to be good. That is the same thing you argued for.


Because pointing out that a slogan is simple and un-nuanced is unhelpful, and in bad faith. They're supposed to be simple. Slogans in a democracy are calls to action towards a general idea, and the more complicated they are the fewer people they can rally. Obviously the nuance will come when lawmakers actually put the thing into writing.


Yes there is nuance, but public policy is not defined by the extreme. In the vast majority of digital-services-for-public it _should_ be public code as well. The areas where nuance exists can be discussed further. The extreme doesn't define the rule.


That kind of nuance seems implicit, and isn't something that needs to be mentioned in a campaign to get the basic idea across. Remember that this is aimed at people who are not really familiar with these sorts of ideas at all.


Missile guidance software isn't generally produced by public agencies, right? It's produced by private companies and licensed to the government. The same way Microsoft Windows is.


If it is actually produced by the federal government, it can’t be open source because it is already public domain.

“Public money, public code” either refers, in the US, exclusively to state governments, or it applies to software developed under government contracts (and possibly other software purchased by government), not just software developed by the government itself.


I did my research and the public domain mandate for federal works apparently doesn't apply to the states. Some states actually enforce their copyrights and have whole licensing systems for state government-produced works.

Isn't this a whole 1st Amendment violation? The law is intended for private parties, and the 1st has been incorporated against the states for a very long time. Has anyone sued over this?


The full text of the First Amendment is short:

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Where is the connection to requiring anything to be put in the public domain?


By enforcing copyright law, states restrict the freedom of speech of their citizens by prohibiting/going after certain kinds of expression (someone relaying the state government's own speech is in itself speech).

In order to not be unconstitutional, therefore, copyright law should be interpreted as not protecting state works.


Copyright is itself in the constitution.


Correct, but the 1st is stronger. This is why fair use even exists. In order to coexist with the first amendment, the copyright clause must allow some wiggle room for freedom of expression and balancing the rightsholder's interests with society's.

Since these "safety valves" exist even for enforcement of the copyrights of private parties, a state government's enforcement would be even more, if not entirely thwarted by the free speech clause.


The Copyright Clause is explicit about the authority of Congress to grant exclusivity. You're not going to get anywhere with an argument that it contravenes the First Amendment. They were ratified almost simultaneously.


We could still have “Public money, public code” by having the government lease planes from private companies, so the government would just be operating a service provided by the private sector, and wouldn’t be entitled to get the code delivered to us.


So, we’d still be spending public money but not getting public code, so how would that be “public money, public code”?


So if I am a closed-source SaaS solution and the government pays a monthly fee - my code should be public domain as well?

I don’t see this working any other way than the government spending money rebuilding each SaaS solution on their own. Then spending more running and operating it all from the ground up.

Which would be very costly and no one would like to pay for it with their taxes.


If that's your yardstick, I'd wager very little software will get published under this scheme


That is my yardstick and also my prediction for the impact of a scheme like this.


> I'd wager you don't want fighter jet or missile guidance software to be open source.

Why not? I can think of some reasons but they mostly devolve to security by obscurity and a whole lot of assumptions to even get there. The actors who want to know are already in the know. At least open sourcing the rest would be a compelling lever to avoid accidentally escalating conflicts.


Signatures are carefully protected and used for targeting.

If you disclose everything about how a targeting system or sensor system operates, it becomes easier to defeat.

But I think there’s a happy medium where the framework and general missile/sensor code is disclosed — but truly critical information like the sonar signature of enemy submarines is protected.


Is a radar signature "source code"? Do you generate radar signatures with gcc?

Your comment makes little sense.


Google open-sources a lot but keeps the search algorithm secret.


Why do you assume that sane and common sense exceptions and nuance are off the table?


Because this is hacker news.


The linked site speaks in absolute terms, perhaps that's where they got the idea


That it be licensed with an open source license, yet folk are acting like they've never heard of security clearances, or that the license will somehow supersede all of our other laws regarding document security.

Then again, I wouldn't be surprised if the same voices, on hearing freedom of information being proposed, raised similar "but military secrets" objections that were completely divorced from reality.


They don't speak in absolute terms, but in generic terms. There's an important difference between the two. The extreme doesn't define the rule.


If your missiles stop being effective if the other side has access to the source code… well I got bad news. They've already obtained the source code.


Probably because the campaign this post links to puts forward a completely un-nuanced argument, and even trivialises or brushes over most of the reasonable criticism you could make about the case it’s putting forward.

I don’t know why so many activists fail to understand this. If you have a cause that you think is important, putting forward a shitty argument for it isn’t going to help in the long run.


It isn't a shitty argument - do you think that a permissive license supersedes security clearances?

I find it powerfully frustrating to see these sort of reactions where people act like the very first thing they can think of that might require nuance is this fatal flaw, or that even a robust critique represents some death blow. Critical feedback improves projects so it is bewildering to me to see people treat it as the last word.


This project isn’t in need of critical feedback. The fatal problems with the proposition they’ve put forward are plainly obvious. They’ve simply chosen to try and ignore them.

I also support making publicly funded code open source. But campaigning for all government licensed code to be made open source by legislation, especially with no indication of what reasonable limits you think that should include, is a fundamentally stupid idea. Microsoft isn’t going to open source Windows to retain government licenses, and government orgs aren’t going to stop using Windows. This position puts this project in the camp of ideological extremists who are simply disconnected from reality. Including scaremongering about the security of proprietary software is also an incredibly weak and unnecessary inclusion here.

If this campaign were to gain some traction with the public, the only thing it would achieve is attaching supporters of a more reasonable version of this idea, with a stupid and trivially easy to dismiss argument to support it.


Can you use small words and explain what about this would ever require that of Microsoft? I do not see it.


The entire video on the front page advocates for public organisations to only use software that is open source.

> Mostly our administrations procure proprietary software, this means a lot of money goes into licenses that last for a limited amount of time, and restrict our rights. We aren’t allowed to use our infrastructure in a reasonable way, and because the source code of proprietary software is usually a business secret, finding security holes, or deliberately installed back doors, is extremely difficult and even illegal. But our public administrations can do better, if all publicly financed software were to be free and open source, we could use and share our infrastructure for anything, and for as long as we wanted.

It seems like you missed how stupid this proposal is. Perhaps you simply assumed that it aligned with your own, less stupid, preconceived version of this idea? In which case you should consider that this campaign is clearly targeting people who are unfamiliar with the entire concept of open source software, in order to properly gauge how harmful it could be.


Videos never consider all necessary nuances. Did you read their brochure before making such strong conclusions about the whole project?

https://fsfe.org/activities/publiccode/brochure.en.html


Why not?

Governments routinely propose policies that are clearly “too far” and then “compromise” to their actual goals — eg, restrictions on civil rights.

Why wouldn’t the same tactic work for activists?


If you’re trying to promote an idea that the public is largely disinterested in, then putting forward a strawman argument for it yourself is only going to empower its detractors.


This is exactly the tactic unions always used. Probably one of the causes of unions' global demise is their overtly unrealistic campaigns.


I'm sure that demise has nothing to do with the change from unions literally fighting armed strike breakers on the streets to unions being heavily regulated bureaucratic entities that are on first name terms with the corporate owners that used to hire the armed strike breakers.

By legalizing narrow avenues for union conduct, we have also heavily disincentivized any behavior outside those avenues. The "fat cat" union reps that live off your dues without contributing anything meaningful to your rights are ultimately an intentional creation of this de-radicalization. Incidentally the Red Scare helped quite a bit by making unions scared of seeming "too leftist" when the existence of unions itself is born out of a leftist understanding of class conflict (not "class" as in how much money you have but "class" as in whether you have to work for a living or people pay you for what you already own).


> I'd wager you don't want fighter jet or missile guidance software to be open source.

I'd be OK with that.


When you consider that many guided missiles are, in fact, fully autonomous AI robots that chase and kill people, damn straight.


The software isn't the difficult part though.


DIY missiles incoming.


They are still technically difficult to build, and making explosives is the easy part. If someone had wanted to explode you badly enough, they'd have done it without a self-guiding missile already.


Obviously there is classified technical information that isn't public, but the DoD is a huge Red Hat shop. Food for thought.


The government has land that is public as well as land you can’t walk on, and we are able to handle the nuances of that.


>I'd wager you don't want fighter jet or missile guidance software to be open source.

If I can't exercise my 2nd amendment right to open source cruise missiles, am I really free? (fnord)


To communicate it and receive your commentary it had to be clear and simple. Of course there are caveats, and these are the kind of thing that makes law difficult and complex despite the overall objective being clear and straightforward.


Civilian agencies would be a start.


This is one of the best initiatives to promote open source. We should all support it as much as possible - particularly if working in IT. If you are: Keep in mind you are making the decisions & you can decide for better options than Google & Microsoft!


I am fully in support of such initiative. So I am interested to hear what the possible downsides are? Please share your opinions on the matter as I can only see upsides to this.


I am in support of it too, ultimately, but after working on federal government software projects, it is a huge uphill battle.

Consider this: you're trying to build a grants management system for Defense contractors in Afghanistan. You want to make sure that public money is not going to terrorists sanctioned by the US government. There is a forensic accounting software platform widely used by firms that audit the banking industry, but it is closed source and sold to firms commercially. Should the government spend money on making new software or license the existing software that works extremely well? Should the configuration for what the government creates on that software be open to the public, and open to competitors to imitate? Should they demand that the source code is released? Also, what about national security?

Would AWS release all their source code to retain their largest customer, the US government?

I agree that the amount of closed source software used in government projects is staggering and a legitimate barrier to government IT working properly. But the broken process by which governments spend money is a bureaucratic nightmare. I am not sure there would be technical downsides, but there absolutely are political ones.

The only thing that I could imagine being an actual downside is the retention of confidential information in the interest of national security or public trust. That is a political minefield already, and open source code can help with security, so I don't even think that is the largest hurdle.


Seems like in your example they should make or buy as they see best fit, but if they make they should make it public. If it could conceivably be a military secret then I expect it would be exempt.

I don't see anything about copyleft style policies here which you seem to be referencing heavily, where are you getting that from?


But that is how the government operates - what is the point of requiring the government to have all the software they develop be open source when they are contracting out all software development to contractors that develop on proprietary platforms? It's not like the government is hiring software engineers in a meaningful capacity, at least not the US government.


I don't know what to tell you (tried and failed to get a number for programmers employed by the USG; it's enough that they have a reputation for not paying as well as the private sector), but it sounds like you made up a requirement and got mad about it?


I'm not mad. But if your goal is to open source code and software developed with taxpayer money, it's not as straightforward as this initiative makes it out to be.


> Would AWS release all their source code to retain their largest customer, the US government?

Yes. Companies would comply with whatever requirement to have the US government as a customer.


They could sue, they could drop them as a client and not bid, they could offer reduced services like they already do with GovCloud; there are a lot of ways this could play out. Apple has shown that private corporations aren't ready to blindly comply with the US government if it doesn't suit their business interests.


Apple wasn't selling to the US government. They just received a request from a tribunal. There was no money for them in that.

Completely different situation.


I suspect many stakeholders would not like their dirty laundry aired so publicly, which is an obvious good outcome for most people but not the heads of departments and large consulting companies that get big contracts.


Maybe we'd finally be able to tell which consulting companies actually output decent software, if any.


none?


I’ve been employed as a software developer for my state for almost 2 decades and just wonder what software should be included. I would guess 75% of what I develop is internal services and intranet garbage. The rest is one off tools full of garbage code and hardcoded credentials.

Should other divisions that are also publicly funded also have their work available to the public? Perhaps HR should have a GitHub repo for all of their communications?


The downside is public shame. Government code is no worse than private code and is usually of very low quality and hints at tough organisational problems and outright fraud.


It takes more effort to make internal code FOSS (i.e. upstreaming changes, protecting internal parts, etc.) - and often very few other people use it or contribute back anyway.

I think it'd make more sense as part of a unified effort - like all EU countries agreeing to provide one digital ID service. But that itself is a much bigger issue due to differing levels of digital services, bureaucracy, etc.

I still support it though, and donate to FSF Europe every year with my company donation.


For the common folk, there's no downside. For the people in power, more transparency means fewer avenues to exercise control, fewer places to hide activity.


The province of British Columbia appears to have a massive open source presence: https://github.com/bcgov


I am in favour of the principle and certainly wouldn't oppose such legislation. However I think it's worth being aware that publishing and licensing the code only gets you an open-source project in the most narrow sense.

To actually get meaningful benefit from it you need to design it with multiple use-cases and deployment models in mind, document it, and build a community around it.

If you have a bunch of publicly-funded teams that are desperate to do that work but held back by rules saying their code has to be private then forcing it public is a huge win.

But actually I think most such teams are just trying to get their project off the ground or keep it alive. If you make them publish the code they'll do so and then carry on developing an undocumented system that solves their exact use case and none other, and is tightly coupled to their particular production environment.

I think to really get open-source happening successfully you actually need to foster a culture that values and incentivises the extra work it entails.

Nonetheless, this would be a great first step. So bravo!


https://code.gov/

  Sharing America's Code 
  Unlock the tremendous potential of the Federal Government’s software.
  Code.gov is the federal government's platform for sharing America's open source software. Our mission is to help agency partners and developers save money and increase quality by promoting code reuse and educating and connecting the open source community.
https://www.nextgov.com/it-modernization/2018/02/defense-dep...

> In 2016, then-President Barack Obama’s Federal Source Code Policy pushed agencies to use open source software. Among other things, the policy included a pilot program requiring agencies to publish 20 percent of code written by the government.

https://code.mil/

> The U.S. Department of Defense (DoD) faces unique challenges in open sourcing its code. Unlike most software projects, code written by U.S. Federal government employees typically does not have copyright protections under U.S. and some international laws. This can make it difficult to attach an open source license to our code. The Defense Digital Service (DDS) has been working with DoD and the open source community since early 2017 to develop a guideline for supporting open source software (OSS) within the Department.

U.S. DoD Open-Source Software FAQ (2021), https://dodcio.defense.gov/Open-Source-Software-FAQ/

> This page is an educational resource for government employees and government contractors to understand the policies and legal issues relating to the use of open source software (OSS) in the United States Department of Defense (DoD).

David Wheeler (now at Linux Foundation working on software supply chain security via OpenSSF), "Open-Source and the Department of Defense" (2009), https://dwheeler.com/essays/dod-oss.pdf

  DoD memo “Clarifying Guidance Regarding OSS” (Oct 16, 2009)
  
  OSS is commercial, commercial must be preferred
  DoD must develop/update capabilities faster; OSS advantages
  Source code is “data” per DODD 8320.02; must share in DoD
  DoD-developed software should be released to the public under certain conditions


There will be ignorant arguments against this due to cyber security concerns, enemy nations benefiting from the code, the copyrights of the people/companies who are being paid to write the code, etc., etc.


I can't tell if this is sarcasm or genuine sentiment.


100% genuine. I don't like that this will happen, but I believe it will.


Terrific. I like it. Talking points are spot on.

FWIW, I've used the term "citizen-owned software" for the same concept.

On the stump, everyone just grokked "citizen-owned software". 15 years ago, I ran for office, advocating election integrity ("private voting, public counting"), including replacing COTS with FOSS. My audiences were donors, politicos, editorial boards, and lots and lots of normal people. Explaining "FOSS" was a non-starter, so I switched to "citizen-owned software", which needed no explaining.

Happy hunting.


I think there should be some important balance in this:

1. What exactly do we mean by open source here? Some of the benefits would even come with a source-available model. Others would need actual permissive licensing.

2. Some public sector funding is strategic in the sense that the government wants to fund developments in some particular sector of the economy to help bootstrap the strategic industry (for instance the space sector in the UK works a lot like this). In this case it's not clear what advantage there would be in mandatory open sourcing... But perhaps say you can keep it closed for 12 months after the end of the funding, then mandatory open sourcing? Giving a 12-month head start seems generous enough.

3. There is a reasonable argument when bidding on a contract where a vendor says: we won't implement this from scratch, but we will fund this by selling the same solution to other customers, and as such we can deliver this cheaper than other bidders but only as closed source. This seems valid (i.e. it's a build vs buy decision essentially) and I think government organisations that have real budgets will need to make these tradeoffs occasionally. But perhaps there should be a mandated minimum discount that needs to be achieved (i.e. we're willing to pay 25% more for an open source solution; if you can't outbid that then we are obliged to choose a more expensive but open source supplier).



The vast majority of code written for the Australian government is, and I think will remain, closed, though there's certainly support for contributing to or publishing open source. But the reality is, most government software isn't particularly interesting, and what is would most likely not be approved to be open sourced.


I wish my home country's current mindset wasn't that just suggesting that certain government code should be published as open source will paint you as a far-right conspiracy theorist who doubts and attacks democracy. Yeah, it's Brazil.

I remember a long, decade-spanning thread about the Brazilian government trying to shoehorn their super CA root into Mozilla's cert database. Lots of arguments like "we audit ourselves and cherry-pick a very strict number of academics to see our code and security methodologies".


Also: public money, public data. One can dream....


Whether you want all data the government has to be public depends heavily on whether you want private security forces to have all the same power as a police force.


The U.S. Digital Service (USDS) has a number of open source repos: https://github.com/usds

I don't think it's everything they work on, but it's a step in the right direction.


Italy has https://developers.italia.it/en/software exactly for that. I admire that project.


This website should start with an explanation of what free software is. Yes, there's a link, but most people won't click on it and will assume that it means "free as in beer".


The point where it always breaks down for me is that I've never seen anyone lobby for moving more in the "VC Money, VC Code" direction.

Labor has value and needs rewarding, not just capital.


I don't understand the argument. Municipalities / counties have many common software needs. If they collaborated on open source software we would likely get higher quality services at lower cost, what's bad about that?


Is them cooperating on open source software a realistic outcome? Or will there be many small, unmaintainable, slightly different, open projects? Why are they not already collaborating on closed source software?

Looking at the mess of customizations asked for software by companies doing the same thing, I can't imagine it would be different for counties/municipalities.

(edit: Please don't misunderstand, I am not against publicly funded open source, I am just not sure if all the arguments for it hold up that well)


They are currently using closed-source software, because it was sold to them, on god knows what terms, and how many people paid off. As with many other things in life, it's not about the thing itself, but about the people involved.


If they collaborated today that would mean a lot of active coordination required. And only municipalities in the collaboration can benefit. If they just open sourced what they have this collaboration could grow more organically.

Of course large scale software collaboration isn't impossible without open source. But my impression is that it greatly simplifies it.

Besides, if the software is open source, other non public actors can also benefit from it.


Public money, public open source and lean code. Don't forget "open source" is not enough anymore, and "open source" can be private between a coder and their users, not public (that's why it is fine with defense-related work).

I don't want public information systems to be dependent on open source bloat and kludge.


The video says that it's accurate that every night proprietary software is stealing citizens' healthcare data and that the solution is for the government to locate all of the software it needs from scratch and open source it. Why stop at rebuilding all software from scratch? You will also want to rebuild computers from scratch, light bulbs from scratch, etc. The government doesn't need to invent everything from scratch. It can be cheaper and more effective for them to buy goods and services from public companies.

The website has another message that publicly funded software should be open source, but that's not always possible. The government may not have the rights to even do so if they outsourced some of the development. The software is often niche and would not benefit others. In fact it can be a security risk because attackers can look for security vulnerabilities or weaknesses in systems. Attackers have a much bigger incentive to look for security problems than security researchers because there won't be a bug bounty, it isn't software they personally use, and it could be some rare piece of software no one knows or cares about. If most talented developers are working at private companies, that means that the remaining developers who chose to work for the government are likely more prone to have poor security practices. If attackers know the supply chain of the software they can attack it. If these are open source in the sense that they take contributions, attackers can contribute vulnerabilities. Open sourcing code is also extra work that has to be done and will make the software more expensive to make and maintain.

>Tax savings

>Similar applications don't have to be programmed from scratch every time

Buying existing software means you don't have to program it from scratch. Sharing projects with other agencies doesn't require open source.

>Collaboration

>Major projects can share expertise and costs.

This doesn't require open source either. The government, if they didn't have an income stream from leeching off its population, would be incentivized to figure this out.

>Serving the public

>Applications paid by the public should be available for everyone.

Most of the software will be useless to the public.

>Fostering innovation

>With transparent processes, others don't have to reinvent the wheel.

This is just the collaboration point. The government isn't innovative in the software field.


> If most talented developers are working at private companies, that means that the remaining developers who chose to work for the government are likely more prone to have poor security practices.

This is fallacious logic.

> Open sourcing code is also extra work that has to be done and will make the software more expensive to make and maintain.

Not if there is an established standard and practice of writing code in an open source way.


> > Open sourcing code is also extra work that has to be done and will make the software more expensive to make and maintain.

> Not if there is an established standard and practice of writing code in an open source way.

I've worked on closed-source corporate software most of my career and then primarily corporate-sponsored open source in the last two years. In my own limited experience, it is strictly less work to have closed-source software. There's less concern / hesitation / hand-wringing over moving quickly when you have the illusion of privacy, and relatedly having a requirement that (almost) everything (eventually) becomes public only adds steps. Certain things always have to happen privately (examples include: internal discussions that include organizationally privileged information, certain CVE handling steps, fully secured builds with proper corporate attestations, and internal project tracking), so you wind up with a private set of systems to maintain as well as the public ones.

Maybe there's some orgs out there that "do it right" in terms of having OSS projects not add overhead, but I doubt it's possible in orgs with as much need for privacy and security as most fortune 1k co.s and governments.


> Maybe there's some orgs out there that "do it right" in terms of having OSS projects not add overhead, but I doubt it's possible in orgs with as much need for privacy and security as most fortune 1k co.s and governments.

To the contrary, government is where the need for transparency should be at its highest. Putting "efficiency" or "speed" above transparency about the inner workings of publicly-funded and publicly-made (by government employees) software is insane.

There should not be any expectation of privacy for government employees in the field of records and information.


Does this mean Dominion will release their source code?


What could possibly be the arguments against this sort of thing? Public money => Public code seems obvious to me.


Every European should sign this. Are there similar efforts in the U.S.?


There are already processes in place to make code developed from tax payer funded R&D available to American companies with a licensing agreement. To protect my anonymity I cannot elaborate more.



