GDS weighs in on the NHS's decision to retreat from Open Source

· Source: Simon Willison's Weblog · Field: Government & Public Sector — Digital Government & E-Government, Public Policy & Governance, Public Safety & Security · Depth: Intermediate, quick

Summary

The Government Digital Service (GDS) has published guidance titled "AI, open code and vulnerability risk in the public sector" on May 14th, advocating for an "open by default" approach to public sector code. This guidance implicitly critiques the NHS's recent decision to restrict access to its open-source repositories following vulnerability reports from Project Glasswing. GDS emphasizes that making code private incurs additional delivery and policy costs, while also reducing opportunities for reuse and external scrutiny. The GDS stance suggests that closure should be a rare and deliberate exception, not the default, signaling a significant public disagreement within the UK Civil Service regarding open-source policy.

Key takeaway

For public sector technology leaders evaluating code management strategies, the guidance is that teams should adhere to an "open by default" policy for software development. Restricting access to code repositories, even in response to security concerns, introduces unnecessary costs and diminishes opportunities for collaborative improvement and external security review. Prioritize robust vulnerability disclosure programs over blanket privatization of repositories to maintain transparency and foster trust.

Key insights

Public sector code should remain open by default to foster scrutiny and reuse, avoiding costs of privatization.

Best for: CTO, VP of Engineering/Data, Director of AI/ML, Policy Maker, IT Professional, AI Security Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by Simon Willison's Weblog.