Switzerland has recently enacted a law requiring its government to use open-source software (OSS) and disclose the source code of any software developed by or for the public sector. According to ZDNet, this “public body, public code” approach makes government operations more transparent while increasing security and efficiency. Such a move would likely fail in the U.S. but is becoming increasingly common throughout Europe.

According to Switzerland’s new “Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks” (EMBAG), government agencies must use open-source software throughout the public sector.

The new law allows the codifies allowing Switzerland to release its software under OSS licenses. Not just that; it requires the source code be released that way “unless the rights of third parties or security-related reasons would exclude or restrict this.”

In addition to mandating the OSS code, EMBAG also requires Swiss government agencies to release non-personal and non-security-sensitive government data to the public. Calling this Open Government Data, this aspect of the new law contributes to a dual “open by default” approach that should allow for easier reuse of software and data while also making governance more transparent.

  • cmnybo@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    1
    ·
    5 months ago

    If you don’t release your source code due to security concerns, you just announced to the world that your software is vulnerable and you’re relying on security through obscurity.

    • cybersandwich@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 months ago

      Meh, not really. The risk with making it publicly available is that a nation state or leet hacker types can comb over it and find exploits or know what libraries/etc you are using so when a zero day pops up they can target you directly. Whereas without direct access to th source code they’d have to do their own enumeration and surveillance.

      There is some security through obscurity.

      Also, just want to point out: being open source doesn’t mean it’s more or less secure. There is plenty of vulnerable open source code out their.