
Last month the White House called for developers to comment on its proposed draft for a Government-wide Open Source Software policy. The new policy would require code paid for by the government to be made available for reuse across other federal agencies, and a portion (20%) of the custom code would be released as open source.
The period for public comment officially ended yesterday and now the White House Office of Management and Budget (OMB) will analyze the feedback on GitHub to refine the final policy.
CIO of the Department of Homeland Security Affirms Benefits of Open Source for Cybersecurity
Yesterday, Luke McCormack, the Chief Information Officer of the Department of Homeland Security, offered formal comments on GitHub, affirming the benefits of open source, especially in regard to cybersecurity:
When managed appropriately, releasing code as OSS and engaging with the community can have extensive cybersecurity benefits. Security through obscurity is not true security: we cannot depend on vulnerabilities not being exploited just because they have not been discovered yet. There are many examples of widely-used pieces of software that benefit greatly from constant and vigorous community reviews and contributions to find bugs, thus making them more secure. We look forward to government systems joining them.
McCormack’s clarification of the department’s official position combats the common misconception that open source code is inherently insecure. The comment also affirms the department’s support for working with the open source community.
“Participation in the open source community will further strengthen our systems and help fulfill the mission of the Department,” McCormack said. “Likewise, we believe in the potential of this policy to incentivize innovation and enable a new generation of companies to do business with the Government.”
Developers Push for an “Open by Default” Policy
The proposed policy encourages federal agencies to work together to make reusable modules and to build active communities around the open source code they release. Sharing code this way is a better use of American tax dollars, but there is also a significant contingent of developers who believe the policy doesn’t go far enough with its arbitrary 20% requirement.
In an issue titled “Software should be ‘Open by default’ not 20%,” the Presidential Innovation Fellows Foundation (PIFF) shared the following statement summarizing the general consensus of its 120 members:
The PIF Foundation membership strongly believes that it is in the best interest of increased government efficiency and taxpayer savings for the OMB to set a policy of ‘open by default’ for custom software developed by the Federal Government rather than setting a goal of at least 20% OSS as originally proposed in the source code policy.
Ben Balter, open source advocate and product manager at GitHub, expanded on why the PIFF believes that taxpayer-funded government code should be open by default. Balter penned an op-ed for FCW about how the proposed open source policy, with its 20% requirement, is a missed opportunity to modernize government. He contends that the proposed three-year pilot program will not likely produce results beyond what is already known, as open source has already undergone a two-decade pilot. By 2019, the push for ‘open by default’ will be long overdue:
It’s no secret that government agencies lag behind the private sector with regard to technology, and the proposed source code policy hesitantly testing the waters of open source is no exception. Open source software isn’t a potential fad to be cautiously evaluated as part of a three-year pilot program, nor are the benefits unknown or unproven in large enterprises. Open source is simply how industry builds software today. You’d be hard-pressed to find a startup worth its venture capital funding that isn’t based, at least in part, on open source software. The same holds true of most industry leaders, already embracing open source as a core part of their business strategy, including Microsoft, Apple, Google, IBM, SAP and Adobe to name a few.
Mozilla representatives also commented on the issue to affirm the organization’s support for “open by default” and clear international licensing. The company identified four key reasons for aiming for 100% rather than mandating a minimum requirement:
- Open source by default is consistent with the principle that the public should receive maximal benefit from the expenditure of their tax dollars.
- Software produced in the open will be of high quality and will help promote the public’s trust due to the extra scrutiny it can receive and the potential contribution of external interested parties.
- The additional burden of opening source code to the public should not be great if the software already has to be prepared for sharing within the Federal government.
- The burden of tracking, assessing and reporting on percentages is removed, as is the problem of deciding how to make the measurements in the first place.
Mozilla and many others commenting on the issue are urging the White House to reject the notion of an arbitrary 20% target and instead aim for open source from the outset, removing sensitive parts of the code base as necessary.
It’s unclear how much weight this particular issue will hold in the creation of the final policy, but the opportunity for industry experts to comment on and contribute to the process is already a major step forward. The policy is still in draft status and we will publish an update once the OMB has finalized its decision.
“…open source from the outset” has a nice ring to it.