I’ve been thinking about transparency and security in the public sector. Do you think all government software and platforms should be open source?
Some countries have already made progress in this area:
- Estonia: digital government services with open and auditable APIs.
- United Kingdom: several open source government projects and systems published on GitHub.
- France and Canada: policies encouraging the use of free and open source software in public agencies.
Possible benefits:
- Full transparency: anyone can audit the code, ensuring there is no corruption, hidden flaws, or unauthorized data collection.
- Enhanced security: public reviews help identify vulnerabilities quickly.
- Cost reduction: less dependency on private vendors and lower spending on proprietary licenses.
- Flexibility and innovation: public agencies can adapt systems to their needs without relying on external solutions.
Possible challenges:
- Maintenance and updating of complex systems.
- Protecting sensitive data without compromising citizen privacy.
- Political or bureaucratic resistance to opening the code.
Do you think this could be viable in the governments of your countries? How could we start making this a reality globally?
Any even partially publicly funded government code should be open sourced, just like the new rules for public funding and publishing of scientific research. If people actually paid attention this would crush my former local government department.
Couldn’t people look through the code for exploits?
Yes, that is a very good thing.
It would mean that we have a lot more people who can find exploits, report them and repair them.
Sure, some would find exploits and use them, but you would have more people finding and fixing them.
Yes. Public money public code and all that.
However…
For security reasons, I wouldn’t feel comfortable if everyone who wanted to could just contribute to it. It would need to be a closed developer group with security clearance. We can all look at what they’re doing, but we can’t insert our own patch commit requests to them ad nauseam.
That’s entirely possible in the existing open source model with things like CODEOWNERS in GitHub. I think it would work well for this concern.
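Added example (not from anyone in this thread, and not GitHub's own code): a small Python script showing the mechanism the comment above relies on. It parses a constructed CODEOWNERS file, where a `*` fallback rule routes every path to a cleared core team and narrower rules add a security-review team for authentication code, and works out which teams must approve each file changed in a pull request, using GitHub's "last matching rule wins" precedence. The team names (`@agency/...`) and the paths are hypothetical placeholders, and the glob matcher implements only the subset of gitignore-style patterns the sample needs.

```python
import fnmatch
from typing import Dict, List, Tuple

# Constructed sample CODEOWNERS file. The team names are hypothetical
# placeholders, not real organisations.
SAMPLE_CODEOWNERS = """\
# Fallback: every path needs approval from the cleared core team.
*                 @agency/cleared-core-devs
# Authentication code additionally needs the security reviewers.
/src/auth/        @agency/cleared-core-devs @agency/security-reviewers
# Public documentation may be approved by the docs team on its own.
/docs/            @agency/docs-team
"""

Rule = Tuple[str, List[str]]


def parse_codeowners(text: str) -> List[Rule]:
    """Turn CODEOWNERS text into (pattern, owners) rules, in file order."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        pattern, *owners = line.split()
        rules.append((pattern, owners))
    return rules


def pattern_matches(pattern: str, path: str) -> bool:
    """Simplified gitignore-style matching.

    Assumption: only the subset GitHub's rules that the sample uses is
    implemented ('*', anchored/unanchored directory rules, file globs).
    """
    path = path.lstrip("/")
    if pattern == "*":
        return True
    anchored = pattern.startswith("/")
    core = pattern.strip("/")
    if pattern.endswith("/"):
        # Directory rule: matches everything below that directory.
        if anchored:
            return path.startswith(core + "/")
        return ("/" + path).find("/" + core + "/") != -1
    if anchored:
        return fnmatch.fnmatchcase(path, core)
    # Unanchored file glob: match the full path or just the basename.
    basename = path.rsplit("/", 1)[-1]
    return fnmatch.fnmatchcase(path, core) or fnmatch.fnmatchcase(basename, core)


def required_owners(rules: List[Rule], path: str) -> List[str]:
    """Owners for one path: the LAST matching rule wins, as on GitHub."""
    owners: List[str] = []
    for pattern, rule_owners in rules:
        if pattern_matches(pattern, path):
            owners = rule_owners
    return owners


def review_plan(codeowners_text: str, changed_paths: List[str]) -> Dict[str, List[str]]:
    """Map each changed file in a pull request to the teams whose approval it needs."""
    rules = parse_codeowners(codeowners_text)
    return {p: required_owners(rules, p) for p in changed_paths}


if __name__ == "__main__":
    # Constructed set of files touched by a hypothetical outside contributor's PR.
    changed = ["src/auth/login.py", "docs/index.md", "README.md"]
    for path, owners in review_plan(SAMPLE_CODEOWNERS, changed).items():
        print(f"{path}: needs approval from {', '.join(owners)}")
```

On GitHub the file only has teeth when the protected branch has "Require review from Code Owners" switched on; with that, anyone can still open a pull request and everyone can read the history, but nothing merges until the named (cleared) teams approve, which is exactly the "look but don't merge" arrangement the comment asks for. Note the precedence rule: if the `/src/auth/` line had listed only the security team, it would have replaced the core team for those files rather than adding to it.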
I believe yes, but they are going to say something about national security. Even though all the proprietary software they used gets hacked and has leaks anyway, oof.
This is due to a simple mental hang up people have.
They want to blame/punish someone for the failure.
In an open source project, there isn’t really anyone you can fine; the GPL clearly states that the software is provided without warranty.
If you hire a company to make a program for you, you pay them to not only build the program for you, but to also accept liability for errors.
And that is often far more important to management than whether the code is open.
Public money, public code.
Firstly, do you mean software that the government uses, or that the government makes? What about if they hire an external company to make it, which is pretty much what they always do?
I don’t think there is any need. It wouldn’t solve any problem or make anyone safer.
Even if an external company makes it, they can add an open source mandate if they want. The US DoD is starting to mandate the usage of open standards for their contractors to increase intercompatibility and the ability to extend those systems.
Open source software has some value like making it easier for analysts to find security issues and the act of open sourcing software usually leads organisations to raise the quality because they don’t want to be ashamed of the code. Plus imagine the clout gained by a dev who got a bug fix merged in that millions of citizens get to use.
I agree, all software developed or used by governments should be open-source.
There might be a few cases where there is a legitimate reason for it not to be open source (no open source software available, need proprietary software for running old legacy equipment …). In this case the decision should be voted on and the arguments exposed publicly.
OP, what do you mean by the following two challenges?
- Maintenance and updating of complex systems.
- Protecting sensitive data without compromising citizen privacy.
Reads like AI
Yeah, no replies here and a lot of posts
Public money, public code.
It’s really that simple.
Not only should the source code be available, but they need to be Free Software (licenses such as GPL, Apache, etc.).
Don’t forget VistA. It’s the EMR used by the VA. https://en.wikipedia.org/wiki/VistA
Why would it be more difficult to maintain and update a complex system?
They don’t have to accept outsider contributions on their mainline nor employ fewer people to work on it.
Imagine governments adding to foss. Would be awesome.
Yes, I think all government software should be FOSS. (Ok, ok. Not all. I don’t think it should be mandatory to distribute software. But if you do distribute software, I think the source code should be required to come with it and there shouldn’t be any intellectual property restrictions on modifying it or distributing it, with or without modifications, so long as you include the source code. Aside from that, distributing versions with malware included without sufficiently advertising that fact should be considered some sort of fraud or vandalism.)
But I’m under no illusion that there’s any likelihood of that happening any time in my lifetime. One can hope, though.
Of your “possible challenges”, the first two are complete fiction. FOSS would make it easier to properly maintain and update systems, complex or otherwise. And databases and code are two different things. Beyond that, I’ll say that distributing software only in compiled form doesn’t make anything more secure or hide anything about how the code works.
Edit: Oh, I also think a right to attribution is a good thing. It can be done poorly. (Like some of the earlier BSD licenses that would result in pages and pages of attribution for a single code project.) But done well, I think it’s a worthwhile thing.
Do you mean software created by the government, or simply used by the government?
In the US, I believe the standard is that the software would be public domain if it’s an official government publication.