White House releases open source policy

The White House released long-anticipated guidelines aimed at improving agency sharing of federally-developed software source code.

The memo, noted in an Aug. 8 blog post by Federal CIO Tony Scott, also incorporates a pilot program to release some custom-developed code used by federal agencies to the public. Scott is also looking to agencies for more public releases beyond the pilot. OMB also plans to launch a new website called Code.gov to make access even easier.

Scott noted that the federal government has been sharing code for some time, including the code for the White House's "We the People" petition platform, the Vet.gov site hosted by the Department of Veterans Affairs, and more code at the Data.gov website. Now Scott is taking these established best practices government-wide.

The new document follows the March 2016 release of a draft policy, which elicited comments from open source advocates, government agencies and others. In one memorable episode, Homeland Security CIO Luke McCormack had to walk back comments from DHS IT workers who were concerned that open source was inherently insecure.

The goal of making federal source code more accessible is to increase sharing and reduce costs of duplicative software purchases, said Scott. With open source, Scott said, the federal government should remain technologically neutral and ensure IT investments remain "merit-based," adding the amount of available federal open source software will grow.

Overall, the policy calls for agencies to open 20 percent of their custom code for the duration of the pilot as a minimum. "Agencies are strongly encouraged to release as much custom-developed code as possible to further the Federal Government’s commitment to transparency, participation, and collaboration," according to the policy.

The policy also calls for federal agencies to apply a three-step test when acquiring software, to determine if an existing federal solution or commercial solution can do the job, before turning to new custom software.

Not all code is eligible for sharing. The policy notes that some source code is restricted by patent or other laws, or export controls. The release of some could potentially compromise national security or private information. There is also an exemption under which the federal CIO can restrict sharing because it is in "the national interest" to do so. OMB is required under the policy to justify any software that is exempted from the open source rules.