Switzerland has recently enacted a law requiring its government to use open-source software (OSS) and disclose the source code of any software developed by or for the public sector. According to ZDNet, this “public body, public code” approach makes government operations more transparent while increasing security and efficiency. Such a move would likely fail in the U.S. but is becoming increasingly common throughout Europe.
According to Switzerland’s new “Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks” (EMBAG), government agencies must use open-source software throughout the public sector.
The new law allows the codifies allowing Switzerland to release its software under OSS licenses. Not just that; it requires the source code be released that way “unless the rights of third parties or security-related reasons would exclude or restrict this.”
In addition to mandating the OSS code, EMBAG also requires Swiss government agencies to release non-personal and non-security-sensitive government data to the public. Calling this Open Government Data, this aspect of the new law contributes to a dual “open by default” approach that should allow for easier reuse of software and data while also making governance more transparent.
Security concerns? Closed-source software is a security concern in itself!
This makes entirely too much sense. I’d love to see sanity prevail and this to trend, but I no longer have reasonable hope for much anymore.
I do secretly feel bad for any government workers that were using Photoshop and have to switch to Gimp though.
Glad you love it. This is kind of a tired debate but specifically if you are well versed in Photoshop and try to convert to Gimp you feel like, well, a Gimp. From personal experience I tried for a solid year and it never felt right. I could still do the things I needed but it took longer and was more cumbersome. Probably a different story if you grow up with it.
Eh, really depends on the use case. For example if you want to edit something distributed in a psd format gimp won’t even tell you something got imported wrong. So the file will import but will look wrong.
And then there’s the UI. It just refuses to follow any current standards. Whether that’s a good or bad thing depends on the user.
Personally I use affinity photo. Works for my use case and is a one time purchase product, which for me is ok.
I mean wouldn’t everything be a security concern in relation to government agencies?
I work for the UK government. Everything my organisation does is licensed in either MIT or OGL (https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/)
Developing code in the open really helps ensure you nail down your secure coding practices.
If you don’t release your source code due to security concerns, you just announced to the world that your software is vulnerable and you’re relying on security through obscurity.
Meh, not really. The risk with making it publicly available is that a nation state or leet hacker types can comb over it and find exploits or know what libraries/etc you are using so when a zero day pops up they can target you directly. Whereas without direct access to th source code they’d have to do their own enumeration and surveillance.
There is some security through obscurity.
Also, just want to point out: being open source doesn’t mean it’s more or less secure. There is plenty of vulnerable open source code out their.
This is really cool. I do wonder how often “third-party rights or security concerns” will be deemed to apply, though.
“unless the rights of third parties or security-related reasons would exclude or restrict this.”
Without a narrow and specific definition of what qualifies, this clause looks to me like a free pass to ignore the law. I hope its inevitable abuse will lead to a quick shoring up of the language.
