The UK Government Digital Service (GDS) is sharing its recommendations for how public services can overcome barriers to developing software as open source. In a blog post, GDS summarises its answers to 11 roadblocks frequently encountered. Its advice is useful for public services all over Europe.
The GDS blog post lists 11 barriers, including: “We’ll get hacked” and “What if people find bugs?”. Where relevant, the GDS answers include links to government policies that support the development of open source software. Some of the answers also include examples of UK public services that are already showing the way by developing openly.
One barrier that OSOR has anecdotally encountered all over Europe is number 8 on the GDS list: “We’ll open the project when we finish”. GDS counters this excuse: “You may have the best intentions but in all likelihood your organisation will not open source code once it’s complete.” The GDS answer points to the UK regulation that mandates that all new code should be open, and adds tips on how to open up closed code.
An alternative path to overcome this barrier is taken by Bulgaria. The country has similar rules on sharing new software as open source, but has added a requirement that code must be published on its national open source software repository right from the outset.
Barrier 6: “What if people find bugs?” is also raised by public services all over Europe. GDS: “All companies have bugs in their code and government organisations are no different. Your organisation should not keep code closed because it’s worried about people finding bugs.”
Conversely, public services can actually invite citizens to find bugs and so help improve projects. That is the path taken by, for example, the European Commission. The EC, in its EU-FOSSA 2 project, is about to launch a series of open source bug bounties. The project will reward software researchers who discover vulnerabilities in a range of free and open source software in use at the Commission.
The EU-FOSSA 2 project will also try out other methods to scrutinise and improve the security of open source software. One option would be to organise hackathons.