July 1st, 2024

Switzerland mandates software source code disclosure for public sector

Switzerland enforces EMBAG law mandating open source software use in public sector for transparency, security, and efficiency. Stakeholder consensus led to its enactment, aiming to promote digital sovereignty and innovation.


Switzerland has passed the "Federal Law on the Use of Electronic Means for the Fulfilment of Governmental Tasks" (EMBAG), requiring public sector entities to use open source software. This law, advocated by Professor Dr. Matthias Stürmer, promotes transparency, security, and efficiency in government operations by allowing public scrutiny and contribution to software code. The legislation mandates the disclosure of source code unless restricted by third-party rights or security concerns. It also permits public bodies to offer related services at a cost-covering remuneration, ensuring a competitive balance. Despite initial resistance, lobbying efforts led to a consensus among stakeholders, resulting in the enactment of the EMBAG law. Switzerland aims to set an example for other nations by fostering digital sovereignty, innovation, and collaboration in the public sector through the adoption of open source software. This move is expected to bring benefits such as increased security, cost efficiency, and enhanced public trust in government operations.

9 comments
By @transpute - 4 months
U.S. DoD Open-Source FAQ (2021), https://dodcio.defense.gov/Open-Source-Software-FAQ/

  Both entirely new programs and improvements of existing OSS have been developed using U.S. government funds. There are far too many examples to list; a few examples are..

  Security-Enhanced Linux (SELinux) 
  bind’s implementation of DNS security (DNSSEC)
  BSD TCP/IP suite - Provided the basis of the Internet
A recent (2019) example is Ghidra, https://ghidra-sre.org.
By @jowea - 4 months
> The EMBAG law stipulates that all public bodies must disclose the source code of software developed by or for them, unless precluded by third-party rights or security concerns.

How big of a hole is this going to be?

> One of the critical aspects of this law is encapsulated in Article 9, which not only mandates the disclosure of source code but also allows public bodies to offer additional services related to support, integration, or IT security, provided these services align with public tasks and are offered at a cost-covering remuneration. This provision ensures that while fostering OSS, the government can also maintain a competitive balance and avoid market distortion.

Finally, government getting into the SaaS action.

By @intelVISA - 4 months
Most public sector code is not made public for the shame it would bring the country.
By @Brian_K_White - 4 months
Good! And good luck with that.

I think Brazil made noises like this for a short time some years ago. I don't think it went anywhere but it is clearly the sane ideal, and is just a failing that we don't have it. A normal failing like countless others, but still a failing.

To me it never made sense for any public facilities to rely on anything the public couldn't at least audit, let alone modify to remove any artificial private-serving restrictions like undocumented file formats and artificial lack of interoperability with other software and old versions of the same software etc.

Maybe eventually this will be a thing, but will probably take forever.

Assuming this doesn't really stick long term, at least it seems that very gradually, more municipalities are trying.

Sooner or later maybe it will start to stick, maybe only in some smaller places at first that can get away with being opinionated and principled, and too small for MS and Oracle to fight too hard over.

But those may beget a few others. Maybe once tiny town down the road does it, slightly larger town realizes they could too. And then maybe you have a world where say 2% of public official things don't use Office or Oracle etc.

That starts to make it important for everyone else to support agnostic compatibility as a real thing they actually have to support instead of just forcing all their users to use Edge or Chrome or Office etc.

And once that starts to happen, once most services and products actually work with firefox and libreoffice etc, it makes it less crazy and unimaginable for some larger less hippy idealist municipalities to actually consider the principled argument. They have less ammo to shoot it down.

By @CivBase - 4 months
Curious how they plan to enforce this. Will they be auditing their own organizations? Are they requiring govt organizations to go through some kind of review before they're allowed to deploy new software? Are they relying on whistleblowers? Or is this basically just a declaration with the expectation that their organizations will act in good faith going forward?
By @Woodi - 4 months
It would be good if they mandate public sector own their own source code, build procedures including on future hardware, tests, documentation, etc and rights to grow it further.

Disclosing to public is secondary but useful.

By @darajava - 4 months
I would love for the gov.uk source code to be public. It’s some of the best software I’ve ever used, let alone software in the public sector.
By @kseifried - 4 months
The EMBAG law stipulates that all public bodies must disclose the source code of software developed by or for them, unless precluded by third-party rights or security concerns.

"unless precluded by third-party rights"

Oh. Well then. Nothing to see here.