The White House has released a policy that promotes reuse of source code developed by agencies across the federal government.
The new Federal Source Code Policy also sets up a pilot program “that requires agencies, when commissioning new custom software, to release at least 20 percent of new custom-developed code as open source software (OSS) for three years,” Tony Scott, U.S. CIO and Anne E. Rung, chief acquisition officer, wrote in a memorandum to heads of departments and agencies on Monday.
The federal government spends every year over $6 billion on software through more than 42,000 transactions, but agencies that procure custom-developed source code do not necessarily make their new code broadly available for reuse by the federal government.
“Even when agencies are in a position to make their source code available on a government-wide basis, they do not make such code available to other agencies in a consistent manner,” resulting in unnecessary duplication and waste of taxpayers’ dollars, the memorandum added.
President Barack Obama's administration announced in 2014 its "Second Open Government National Action Plan," aimed at creating a policy for open source software -- among other objectives. A draft of the Federal Source Code policy was released by Scott in March for public comment.
Source code developed by national security agencies will, however, be exempt from the new policy, and continue to follow existing rules and internal policies. Other agencies covered under the policy have to make their "custom-developed code available for government-wide reuse and make their code inventories discoverable at https://www.code.gov," a site being set up by the administration in the next few months.
Making source code available as OSS could also help federal software projects, because private users would implement the code and publish improvements, allowing for collaborative benefits such as software peer review and security testing, sharing of technical know-how and reuse of code, according to the memorandum.
"By opening more of our code to the brightest minds inside and outside of government, we can enable them to work together to ensure that the code is reliable and effective in furthering our national objectives," Scott wrote in a post Monday introducing the final policy.
The source code for the White House’s “We The People” website tool for petitioning the government has been released as OSS, and agencies like the Department of Defense and the 18F office have pointed to the software reliability and security benefits of OSS. Data.gov, a website for government data run by the U.S. General Services Administration, also runs on open source applications.
The open source component of the new policy has its critics, who fear that the code could fall in the wrong hands and be misused. In a post on Monday that tries to dispel myths around the use of open source, 18F wrote that there are several agencies that do classified work and release code that isn’t sensitive. The National Security Agency has, for example, released code and documentation for its System Integrity Management Platform under an open source Apache license.