OQB @fajre@lemmy.world

I’ve been thinking about transparency and security in the public sector. Do you think all government software and platforms should be open source?

Some countries have already made progress in this area:

  • Estonia: digital government services with open and auditable APIs.
  • United Kingdom: several open source government projects and systems published on GitHub.
  • France and Canada: policies encouraging the use of free and open source software in public agencies.

Possible benefits:

  • Full transparency: anyone can audit the code, ensuring there is no corruption, hidden flaws, or unauthorized data collection.
  • Enhanced security: public reviews help identify vulnerabilities quickly.
  • Cost reduction: less dependency on private vendors and lower spending on proprietary licenses.
  • Flexibility and innovation: public agencies can adapt systems to their needs without relying on external solutions.

Possible challenges:

  • Maintenance and updating of complex systems.
  • Protecting sensitive data without compromising citizen privacy.
  • Political or bureaucratic resistance to opening the code.

Do you think this could be viable in the governments of your countries? How could we start making this a reality globally?

  • percent@infosec.pub
    1 month ago

    Some, but probably not all. Seems like it would be a bad move to open-source all military software.

    • humanamerican@lemmy.zip
      1 month ago

      Why? Open source only requires sharing the source when sharing the software. No distribution of software - no distribution of source. But if they are gonna sell software to other militaries or civilian contractors, we have a right to know what they’re selling.

      And no, hiding your code doesn’t generally make your software more secure.

      • percent@infosec.pub
        1 month ago

        It just seems like a bad tactic. For example, if the US gives Ukraine some software that helps them fight Russia, it’s likely tactically advantageous (to Ukraine) if Russia doesn’t have the source code.

        Of course, it doesn’t mean Russia couldn’t do some reverse engineering to some extent. But that takes time, and likely wouldn’t be as complete/thorough as just handing them the source code.

        • humanamerican@lemmy.zip
          1 month ago

          If the DoD gives some open source software to Ukraine they are required to give the source code to Ukraine - not to Russia.

          • Lumidaub@feddit.org
            1 month ago

            Trying to understand what you’re saying: how is that open source then? It sounds like you’re saying giving the source to Ukraine only would suffice.

            • humanamerican@lemmy.zip
              1 month ago

              That’s exactly what I’m saying. Go read the GPL and you’ll see that’s what it says too.

              • magic_lobster_party@fedia.io
                1 month ago

                You’re confusing GPL with open source. Not all open source software is GPL.

                The general discussion in this thread is if source code to government software should be publicly available. Not if government software should adopt GPL.

                • humanamerican@lemmy.zip
                  1 month ago

                  It’s not just GPL. MPL, BSD work this way as well. And the original post refers to open source, not “code available to all”. Come back with a commonly used open source license that enforces what you’re describing and maybe you’ll have a point. Otherwise, why are we arguing about things that can just be looked up?