New Policy Requires Feds to Share Custom-Developed Software
Published: August 10, 2016
Earlier this week, OMB released its Federal Source Code policy requiring new federal custom-developed software be made available for sharing and re-use across federal agencies. The policy is meant to reduce duplication of effort across government and reduce vendor lock-in.
Objectives of the new policy are as follows:
- Provide a policy to agencies on considerations that must be made prior to acquiring any custom-developed code.
- Require agencies to obtain appropriate government data rights to custom-developed code, including, at a minimum, rights to government-wide reuse and rights to modify the code. Agencies shall make such custom-developed code broadly available across the federal government, subject to limited exceptions.
- Require agencies to consider the value of publishing custom code as open source software (OSS).
One area of the new policy involves a three-year pilot program requiring agencies to release 20% of custom-developed code as OSS. Releasing code publicly as OSS facilitates continual improvement of the code through collaboration of peers within and outside the federal government. OSS also allows for broader reuse of existing software solutions and wider security testing.
Under the new policy, agencies will be required to conduct a three-step analysis in assessing their software needs and potential solutions:
- Step 1 - Conduct strategic analysis and analyze alternatives
- Step 2 - Consider existing commercial solutions
- Step 3 - Consider custom development
During the analysis, agencies are advised to also consider hybrid solutions, modular architecture, cloud computing, and open standards.
OMB recognizes that not all code should be released, due to national security, privacy, and other concerns. Exceptions to the new policy include:
- The sharing of the source code is restricted by law or regulation, including—but not limited to—patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation, and the Federal laws and regulations governing classified information.
- The sharing of the source code would create an identifiable risk to the detriment of national security, confidentiality of federal government information, or individual privacy.
- The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the agency’s systems or personnel.
- The sharing of the source code would create an identifiable risk to agency mission, programs, or operations.
- The CIO believes it is in the national interest to exempt sharing the source code.
The administration will be launching www.code.gov within the next 90 days to help agencies implement this policy and act as a repository for tools, best practices and schemas. Code.gov will not house custom-developed code itself, but will act as a “discoverability portal” for code that is available for government-wide reuse and for release as OSS.