White House Drops Final Federal Source Code Policy


OMB says Code.gov, a repository for federal open source software code, is coming in the next few months.

The White House today released a final policy that requires agencies to share software code with each other and with the public, according to a blog post from U.S. Chief Information Officer Tony Scott.

As part of a movement toward open source software, the White House is launching a pilot requiring agencies to share 20 percent of their custom-developed source code with the public and encouraging them to share more of it with each other to cut down on duplicative technology contracts. 

The White House also plans to unveil Code.gov, an inventory for that source code, in the next 90 days. 


The policy would apply to code custom-developed by outside contractors for the federal government—the code federal employees write is in the public domain by default. It incorporates public feedback gathered on an earlier draft, published in March, according to Scott's post.

Open source proponents argue that sharing software can slash federal spending by allowing agencies to reuse products their colleagues have developed. Supporters also believe citizen developers can examine federal source code, alerting the government to potential security vulnerabilities. Members of the General Services Administration's tech consultancy 18F, for instance, have lobbied for an "open source by default" policy, instead of just 20 percent. 

The policy has also found some critics in the federal government. Commenters originally attributed to the Homeland Security Department likened open source code to “Mafia having a copy of all FBI system code” or a “terrorist with access to air traffic control software.” They also suggested removing the pilot's 20 percent requirement for shared code.

DHS subsequently stated those comments were published incorrectly and do not reflect official policy; CIO Luke McCormack wrote later that releasing code "can have extensive cybersecurity benefits" and that his team "strongly supports" the policy.