As part of the new policy, EPA will create an enterprise code inventory to classify the extent to which all custom-built software will be shared with other agencies and the general public.
The Environmental Protection Agency is getting ready to default to making all its custom code open source, finally meeting an Office of Management and Budget policy instituted during the last administration.
The EPA will publish a notice Friday in the Federal Register soliciting public comment on a new open-source policy that will be added to the agency’s acquisition regulations. The clause—which will be added to all EPA contracts that include the use of open-source software or the development of custom code that may or may not be shared widely—will require contractors to provide the agency with all “underlying source code, license file, related files, build instructions, software user’s guides, automated test suites and other associated documentation as applicable,” according to the notice.
According to the proposed regulation, all of that code will default to being made available to other agencies and the public unless determined otherwise by the chief information officer. Per the regulation, the CIO can withhold code from being made open based on any of five exceptions:
- The sharing of the source code is restricted by law or regulation, including—but not limited to—patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation and the federal laws and regulations governing classified information.
- The sharing of the source code would create an identifiable risk to the detriment of national security, confidentiality of government information or individual privacy.
- The sharing of the source code would create an identifiable risk to the stability, security or integrity of EPA’s systems or personnel.
- The sharing of the source code would create an identifiable risk to EPA mission, programs or operations.
- The CIO believes it is in the national interest to exempt sharing the source code.
The contracting office or program must also submit a written justification to OMB whenever software is not made open.
Regardless of the CIO’s determination, all code purchased by the EPA will be put into an “enterprise code inventory” that will include data on whether the code was custom developed specific for—or by—the agency and whether it is available to other agencies to reuse, free for reuse by the general public or restricted due to one of the above exceptions.
The new policy notes the regulation only applies to newly purchased or developed code and is not going to be applied retroactively. That said, “making such code available for governmentwide reuse or as [open source software], to the extent practicable, is strongly encouraged.”
People with opinions on the proposed rule will have 60 days to submit a comment.