The largest branch of the Norwegian government, the Labor and Welfare Administration (NAV), has adopted this policy since 2018 and now we have over 2000 public repositories on <a href="https://github.com/navikt">https://github.com/navikt</a> and <a href="https://github.com/nais">https://github.com/nais</a> (the last one is our platform organization).
There are four reasons this is difficult to actually work:<p>A. Most people in government positions don't know/care about open source. Nobody will educate them for the following reasons.<p>B. Most private implementors don't want to open source stuff because it will make it easier for other companies to study their code, making it easy for them to get contracts for updates to that code. Avoiding open source in general also increases the total cost, so more profit for the implementing party (e.g. also selling Oracle licenses is much better than using PostgreSQL).<p>C. Code in the open is easier to be audited by hackers for exploits. This is even more problematic because government code is supported by private contracts and may be left unsupported for some time due to bureaucracy.<p>D. This is the most important. Open sourcing projects opens the door for cost auditing. We've seen crazy things like simple CMSs costing millions of euros. Although these may be simple WordPress sites, they get away with them because they can say that they are custom implemented, have a huge back office, etc. Open sourcing them will reveal the scam.<p>Source: I work in a public sector organisation in an EU country and have dealt many times with projects by outside contractors.
I’ve heard those exact words from a government developer in Berlin and it felt really good to hear. Imagine making pull requests to improve government services! Some people would gladly do it.
How about Public Money, Public Data? For instance, there’s a whole industry around finding public legal information about companies. State’s websites offer throttled database access, some offer data for free, but most sell it for dozens of thousands of dollars (officially).
This has always puzzled me. Companies get millions from the taxpayers for certain projects to develop their (something)<p>Then another company gets another million to develop the same or a similar thing.<p>Why is it not required that if you get taxpayers' money, the results should be available for free to everyone, let's say after 12 months of grace period?
There are a lot of good reasons to do this, even if it's just better interop between different branches of the government, all cool.<p>However, you then realize that the military is funded by public money. I'd wager you don't want fighter jet or missile guidance software to be open source.<p>The idea is way too simplistic and lacks nuance.
This is one of the best initiatives to promote open source. We should all support it as much as possible - particularly if working in IT. If you are: Keep in mind you are making the decisions & you can decide for better options than Google & Microsoft!
I am fully in support of such an initiative. So I am interested to hear what the possible downsides are. Please share your opinions on the matter, as I can only see upsides to this.
The province of British Columbia appears to have a massive open source presence: <a href="https://github.com/bcgov">https://github.com/bcgov</a>
I am in favour of the principle and certainly wouldn't oppose such legislation. However I think it's worth being aware that publishing and licensing the code only gets you an open-source project in the most narrow sense.<p>To actually get meaningful benefit from it you need to design it with multiple use cases and deployment models in mind, document it, and build a community around it.<p>If you have a bunch of publicly-funded teams that are desperate to do that work but held back by rules saying their code has to be private then forcing it public is a huge win.<p>But actually I think most such teams are just trying to get their project off the ground or keep it alive. If you make them publish the code they'll do so and then carry on developing an undocumented system that solves their exact use case and none other, and is tightly coupled to their particular production environment.<p>I think to really get open-source happening successfully you actually need to foster a culture that values and incentivises the extra work it entails.<p>Nonetheless, this would be a great first step. So bravo!
<a href="https://code.gov/" rel="nofollow">https://code.gov/</a><p><pre><code> Sharing America's Code
Unlock the tremendous potential of the Federal Government’s software.
Code.gov is the federal government's platform for sharing America's open source software. Our mission is to help agency partners and developers save money and increase quality by promoting code reuse and educating and connecting the open source community.
</code></pre>
<a href="https://www.nextgov.com/it-modernization/2018/02/defense-department-relaunches-open-source-software-portal/146061/" rel="nofollow">https://www.nextgov.com/it-modernization/2018/02/defense-dep...</a><p><i>> In 2016, then-President Barack Obama’s Federal Source Code Policy pushed agencies to use open source software. Among other things, the policy included a pilot program requiring agencies to publish 20 percent of code written by the government.</i><p><a href="https://code.mil/" rel="nofollow">https://code.mil/</a><p><i>> The U.S. Department of Defense (DoD) faces unique challenges in open sourcing its code. Unlike most software projects, code written by U.S. Federal government employees typically does not have copyright protections under U.S. and some international laws. This can make it difficult to attach an open source license to our code. The Defense Digital Service (DDS) has been working with DoD and the open source community since early 2017 to develop a guideline for supporting open source software (OSS) within the Department.</i><p>U.S. DoD Open-Source Software FAQ (2021), <a href="https://dodcio.defense.gov/Open-Source-Software-FAQ/" rel="nofollow">https://dodcio.defense.gov/Open-Source-Software-FAQ/</a><p><i>> This page is an educational resource for government employees and government contractors to understand the policies and legal issues relating to the use of open source software (OSS) in the United States Department of Defense (DoD).</i><p>David Wheeler (now at Linux Foundation working on software supply chain security via OpenSSF), "Open-Source and the Department of Defense" (2009), <a href="https://dwheeler.com/essays/dod-oss.pdf" rel="nofollow">https://dwheeler.com/essays/dod-oss.pdf</a><p><pre><code> DoD memo “Clarifying Guidance Regarding OSS” (Oct 16, 2009)
OSS is commercial, commercial must be preferred
DoD must develop/update capabilities faster; OSS advantages
Source code is “data” per DODD 8320.02; must share in DoD
DoD-developed software should be released to the public under certain conditions</code></pre>
There will be ignorant arguments against this due to cyber security concerns, enemy nations benefiting from the code, the copyrights of the people/companies who are being paid to write the code, etc., etc.
Terrific. I like it. Talking points are spot on.<p>FWIW, I've used the term "citizen-owned software" for the same concept.<p>On the stump, everyone just grokked "citizen-owned software". 15 years ago, I ran for office, advocating election integrity ("private voting, public counting"). Including replacing COTS with FOSS. My audiences were donors, politicos, editorial boards, and lots and lots of normal people. Explaining "FOSS" was a non-starter, so I switched to "citizen-owned software", which needed no explaining.<p>Happy hunting.
I think there should be some important balance in this:<p>1. What exactly do we mean by open source here? Some of the benefits would even come with a source-available model. Others would need actual permissive licensing.<p>2. Some public sector funding is strategic in the sense that the government wants to fund developments in some particular sector of the economy to help bootstrap the strategic industry (for instance the space sector in the UK works a lot like this). In this case it's not clear what advantage there would be in mandatory open sourcing... But perhaps say you can keep it closed for 12 months after the end of the funding, then mandatory open sourcing? Giving a 12-month head start seems generous enough.<p>3. There is a reasonable argument when bidding on a contract where a vendor says: we won't implement this from scratch, but we will fund this by selling the same solution to other customers, and as such we can deliver this cheaper than other bidders but only as closed source. This seems valid (i.e. it's a build vs buy decision essentially) and I think government organisations that have real budgets will need to make these tradeoffs occasionally. But perhaps there should be a mandated minimum discount that needs to be achieved (i.e. we're willing to pay 25% more for an open source solution, if you can't outbid that then we are obliged to choose a more expensive but open source supplier).
UK and Australian Governments manage to do this, at least to a certain extent:<p><a href="https://www.gov.uk/service-manual/technology/making-source-code-open-and-reusable" rel="nofollow">https://www.gov.uk/service-manual/technology/making-source-c...</a><p><a href="https://www.dta.gov.au/help-and-advice/digital-service-standard/digital-service-standard-criteria/8-make-source-code-open" rel="nofollow">https://www.dta.gov.au/help-and-advice/digital-service-stand...</a>
I wish my home country's current mindset wasn't that just suggesting that certain government code should be published as open source will paint you as a far-right conspiracist who doubts and attacks democracy. Yeah, it's Brazil.<p>I remember a long, decade-spanning thread about the Brazilian government trying to shoehorn their super CA root into the Mozilla cert database. Lots of arguments like "we audit ourselves and cherry pick a very strict number of academics to see our code and security methodologies".
The U.S. Digital Service (USDS) has a number of open source repos: <a href="https://github.com/usds">https://github.com/usds</a><p>I don't think it's everything they work on, but it's a step in the right direction.
Italy has <a href="https://developers.italia.it/en/software" rel="nofollow">https://developers.italia.it/en/software</a> exactly for that. I admire that project.
This website should start with an explanation of what free software is. Yes there's a link, most people won't click on it and assume that it means "free as in beer".
The point where it always breaks down for me is that I've never seen anyone lobby for moving more in the "VC Money, VC Code" direction.<p>Labor has value and needs rewarding, not just capital.
Public money, public open source and lean code. Don't forget "open source" is not enough anymore, and "open source" can be private between a coder and its users, not public (that's why it is fine with defense related work).<p>I don't want public information systems to be dependent on open source bloat and kludge.
The video says that it's accurate that every night proprietary software is stealing citizens' healthcare data and that the solution is for the government to locate all of the software it needs from scratch and open source it. Why stop at rebuilding all software from scratch? You will also want to rebuild computers from scratch, light bulbs from scratch, etc. The government doesn't need to invent everything from scratch. It can be cheaper and more effective for them to buy goods and services from public companies.<p>The website has another message that publicly funded software should be open source, but that's not always possible. The government may not have the rights to even do so if they outsourced some of the development. The software is often niche and would not benefit others. In fact it can be a security risk because attackers can look for security vulnerabilities or weaknesses in systems. Attackers have a much bigger incentive to look for security problems than security researchers because there won't be a bug bounty, it isn't software they personally use, and it could be some rare piece of software no one knows or cares about. If most talented developers are working at private companies, that means that the remaining developers who chose to work for the government are likely more prone to have poor security practices. If attackers know the supply chain of the software they can attack it. If these are open source in the sense they take contributions attackers can contribute vulnerabilities. Open sourcing code is also extra work that has to be done and will make the software more expensive to make and maintain.<p>>Tax savings<p>>Similar applications don't have to be programmed from scratch every time<p>Buying existing software means you don't have to program it from scratch. Sharing projects with other agencies doesn't require open source.<p>>Collaboration<p>>Major projects can share expertise and costs.<p>This doesn't require open source either.
The government, if they didn't have an income stream from leeching off its population, would be incentivized to figure this out.<p>>Serving the public<p>>Applications paid by the public should be available for everyone.<p>Most of the software will be useless to the public.<p>>Fostering innovation<p>>With transparent processes, others don't have to reinvent the wheel.<p>This is just the collaboration point. The government isn't innovative in the software field.
There are already processes in place to make code developed from taxpayer-funded R&D available to American companies with a licensing agreement. To protect my anonymity I cannot elaborate more.