Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Government Open Source United States Programming Security Software The Almighty Buck

White House Releases Federal Source Code Policy To Help Government Agencies Go Open Source ( 61

dwheeler writes: The U.S. federal government just released a new Federal Source Code policy (PDF). For each of the next 3 years, at least 20 percent of custom-developed Federal source code is to be released as open-source software. Earlier this year, Tony Scott, Federal CIO of the U.S. government, wrote on the White House blog that the U.S. government "can save taxpayer dollars by avoiding duplicative custom software purchases and promote innovation and collaboration across Federal agencies." Today, they released the Federal Source Code policy. TechCrunch reports: "The main requirement is that any new custom source code developed 'by or for the Federal Government' has to be made available for sharing and re-use by all Federal agencies. For example, this means that the TSA can have access to custom made software that was commissioned by the FBI. Considering there is probably a great deal of overlap in applications needed by certain branches of the Federal Government, this rule alone should save the government (and taxpayers) a great deal of money. In fact, the policy states that 'ensuring Government-wide reuse rights for custom code that is developed using Federal funds has numerous benefits for American taxpayers.'"
This discussion has been archived. No new comments can be posted.

White House Releases Federal Source Code Policy To Help Government Agencies Go Open Source

Comments Filter:
  • by namgge ( 777284 ) on Monday August 08, 2016 @09:24PM (#52668597)
    IME, writing code that is reusable is quite hard. Getting it into a form that using it in another project is worthwhile is costly. It'll be interesting to put in a FOI enquiry in a few years to see whether the benefits outweigh the costs.
    • by wbr1 ( 2538558 )
      This would be a GAO report. Probably not FOI
    • > IME, writing code that is reusable is quite hard. Getting it into a form that using it in another project is worthwhile is costly.

      Writing code to do extremely similar or even identical functions 3 times for 3 different projects is much _more_ costly, and each version is likely to have unique bugs. I'm also afraid that it's extremely common. Standardizing poorly integrated code from different companies or different projects covers a great deal of my paycheck and has vastly improved performance and relia

  • Public money (Score:4, Insightful)

    by phyr ( 586855 ) on Monday August 08, 2016 @09:37PM (#52668625)
    Public software from public money. The model works well for scientific software at NASA, ESA, CSA, etc.
    • It is a great model.

      Too bad that's not what this is.

    • by rtb61 ( 674572 )

      So as it is public software for public money, then the US Library of Congress should be expanded to incorporate a FOSS software repository. Which would be made available for people to deposit, maintain and download FOSS software, this as a matter or public record to apply some security principles for that software so that it is safe to use by government departments. A copy of the source code of all government software projects should reside there.

  • by Todd Knarr ( 15451 ) on Monday August 08, 2016 @10:32PM (#52668769) Homepage

    Big problem here: a lot of software where the functionality could be reused can't be reused because it wasn't written for reuse. It'll have a lot of instance-specific code scattered throughout, for example logging functions that're specific to the system it was first written to run in. The result is it's easier and faster to write it from scratch than to try and remove the instance-specific code from the original source to make it suitable for use somewhere else. An open-source policy doesn't need just a mandate for reuse, it needs a mandate for making software reusable at the time it's written. That, unfortunately, is something any developer can tell you is really hard to get management to agree to.

    • Section 3, Three-Step Software Solutions Analysis after listing its three steps says: "Agencies must also consider several factors throughout each stage of the three-step analysis:", and then bullet B of this says: "Modular Architecture: Agencies should consider modular approaches to solution architecture. As discussed in the Digital Government Strategy, modularity can reduce overall risk and cost while increasing interoperability and technical flexibility." So it looks like they are at least
    • by ebvwfbw ( 864834 )

      I think one big problem will be NIH - Not Invented Here syndrome. So many guys in the industry, if they didn't write it and it wasn't written by their group, it's crap. Never mind another agency.

      We may see *standards* out of this. Standards are wonderful. They're so many of them to choose from.

  • by reemul ( 1554 ) on Monday August 08, 2016 @10:35PM (#52668777)

    I don't honestly care if the software is open source, use what works best regardless of whether RMS approves or not. What I really want to see instead is publicly accessible document management for the laws and regulations. I want to be able to determine exactly who entered in every single word, made every single edit, and when they were committed to the document. No more "I don't recall who added that" or "I have no idea who made that change". And make sharing a login a felony, so a member of Congress can't give out their login credentials to their entire staff and then disavow personal responsibility. If someone pastes in 5 pages from a lobbyist late at night hours before the vote, I want to know precisely who did it and under what circumstances. Full transparency, right down to the single word or punctuation mark. The technology is cheaply available right off the shelf, they could implement GitLaw across the entire government by year's end for less than they spend on lawyers to defend FOIA lawsuits in a single quarter.

    • by gtall ( 79522 )

      Scale is important, son. Now go back and figure out how much you'd like to raise your taxes to pay for such a scheme. Get back to us on that figure.

  • Hello,

    I did not see any mention of a bug bounty program. Is there one? If the federal government would like to not just have its open sourced software reviewed but actually receive reports of bugs, they should consider adding a bug bounty program to encourage programmers to report any errors they find to the federal government, instead of selling it to an adversary.


    Aryeh Goretsky

    • Why would one federal agency pay a bounty to another federal agency for fixing software they openly share with each other. BTW, the 'open source' the government is talking about consists entirely of code being shared among federal government agencies, not with the public.
      • Not so. It's true that the policy focuses more on sharing within the federal government, but it also specifically requires that at least 20% of the code be shared with the public as OSS. It's a start.
  • "The main requirement is that any new custom source code developed 'by or for the Federal Government' has to be made available for sharing and re-use by all Federal agencies.

    Has 'open source' been redefined to mean nothing more than custom government software being shared with other branches of the same federal government?

    • I don't think that "open source software" has been significantly redefined. Here's the definition of Open Source Software in this memo: "Software that can be accessed, used, modified, and shared by anyone. OSS is often distributed under licenses that comply with the definition of "Open Source" provided by the Open Source Initiative ( and/or that meet the definition of "Free Software" provided by the Free Software Foundation (" That's
  • He went open source, like all the villians!
  • Unless I'm missing something there, but this just requires that code developed for one agency should be available to other agencies. Not that it should be 'open'.

    This just sounds like 'we wanna get past licence agreements and not have to pay for it', not 'we want to make our code open'.

    • ... and that's already the rule. Almost all software developed under contract for the Fderal Gov't, civilian agencies ,or the DoD have an "unlimited use rights" clause incorperated. Providing a copy of the source for static analysis is also part of the approval process. It seems that what they're trying to do is make the sharing easier or to revive the multiple failures of intra-agency forge sites as a real common platform (think []
      • You mean "unlimited rights" not "unlimited use rights". Once the government has unlimited rights it can release the software as open source software. For more details, see my paper "Publicly Releasing Open Source Software Developed for the U.S. Government" by David A. Wheeler, Software Tech News, Volume: 14 Number: 1 - DoD and Open Source Software. []
  • This guy clearly doesn't understand how cut-throat and back-stabbing federal contracting is. People will throw you under the bus in a heartbeat if it means they can weasel their way to a contract ahead of you. Hardware is easy to duplicate/copy, software is not. By forcing private industry to give up their intellectual property rights opens the door to well-connected contractors stealing from the little guy.

Arithmetic is being able to count up to twenty without taking off your shoes. -- Mickey Mouse