this post was submitted on 26 Jul 2024
533 points (98.9% liked)

Technology

59148 readers
2006 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Switzerland has recently enacted a law requiring its government to use open-source software (OSS) and disclose the source code of any software developed by or for the public sector. According to ZDNet, this “public body, public code” approach makes government operations more transparent while increasing security and efficiency. Such a move would likely fail in the U.S. but is becoming increasingly common throughout Europe.

According to Switzerland’s new “Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks” (EMBAG), government agencies must use open-source software throughout the public sector.

The new law allows the codifies allowing Switzerland to release its software under OSS licenses. Not just that; it requires the source code be released that way “unless the rights of third parties or security-related reasons would exclude or restrict this.”

In addition to mandating the OSS code, EMBAG also requires Swiss government agencies to release non-personal and non-security-sensitive government data to the public. Calling this Open Government Data, this aspect of the new law contributes to a dual “open by default” approach that should allow for easier reuse of software and data while also making governance more transparent.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 25 points 3 months ago (4 children)

I mean wouldn't everything be a security concern in relation to government agencies?

[–] [email protected] 34 points 3 months ago

I work for the UK government. Everything my organisation does is licensed in either MIT or OGL (https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/)

Developing code in the open really helps ensure you nail down your secure coding practices.

[–] [email protected] 14 points 3 months ago (1 children)

In my opinion especially security code needs to be open source…

[–] [email protected] 5 points 3 months ago

Nothing like bored programmers on the internet to nitpick the governments code.

[–] [email protected] 11 points 3 months ago (2 children)

If you don't release your source code due to security concerns, you just announced to the world that your software is vulnerable and you're relying on security through obscurity.

[–] [email protected] 3 points 3 months ago

never let them see you cry

[–] [email protected] 3 points 3 months ago

Meh, not really. The risk with making it publicly available is that a nation state or leet hacker types can comb over it and find exploits or know what libraries/etc you are using so when a zero day pops up they can target you directly. Whereas without direct access to th source code they'd have to do their own enumeration and surveillance.

There is some security through obscurity.

Also, just want to point out: being open source doesn't mean it's more or less secure. There is plenty of vulnerable open source code out their.

[–] [email protected] 7 points 3 months ago

I feel like a lot of the front ends can be open sourced.