The White House has released its Federal Source Code policy that promotes reuse of new source code developed by government agencies across the federal government.
The new policy also sets up a pilot program “that requires agencies, when commissioning new custom software, to release at least 20 percent of new custom-developed code as Open Source Software (OSS) for three years,” Tony Scott, U.S. CIO, and Anne E. Rung, chief acquisition officer, wrote in a memorandum to heads of departments and agencies on Monday.
The federal government spends over US$6 billion every year on software through more than 42,000 transactions, but agencies that procure custom-developed source code do not necessarily make their new code broadly available for reuse by the federal government.
“Even when agencies are in a position to make their source code available on a Government-wide basis, they do not make such code available to other agencies in a consistent manner,” resulting in unnecessary duplication and waste of taxpayers’ dollars, the memorandum added.
The administration of President Barack Obama announced in 2014 its Second Open Government National Action Plan, which aimed to create a policy for open source software, among other objectives. A draft of the Federal Source Code policy was released by Scott in March for public comment.
Source code developed by National Security Systems will, however, be exempt from the new policy, and continue to follow existing rules and internal agency policies. Other agencies covered under the policy have to make their "custom-developed code available for Government-wide reuse and make their code inventories discoverable at https://www.code.gov," a site being set up by the administration within 90 days of the publication of the new policy. Agencies are allowed some exemptions from sharing code, such as those based on a law or regulation or on security and confidentiality considerations, according to the memorandum.
Making source code available as OSS could also help federal software projects, because private users would then implement the code and publish improvements, allowing for collaborative benefits such as software peer review and security testing, sharing of technical know-how and reuse of code, according to the memorandum.
"By opening more of our code to the brightest minds inside and outside of government, we can enable them to work together to ensure that the code is reliable and effective in furthering our national objectives," Scott wrote in a post Monday introducing the final policy.
The source code for the White House’s “We The People” website tool for petitioning the government has been released as OSS, and agencies like the Department of Defense and the 18F office have pointed to the software reliability and security benefits of OSS. Data.gov, a website for government-released data run by the U.S. General Services Administration, also runs on open source applications.
The open source component of the new policy has its critics, who fear that the code could fall into the wrong hands and be misused. In a post on Monday that tries to dispel myths around the use of open source, 18F wrote that there are several agencies that do classified work and release code that isn’t sensitive. The National Security Agency has, for example, released code and documentation for its System Integrity Management Platform under an open source Apache license.