Code paid for with public money should be open to the public. This principle is enshrined in the UK Government Design Principles and the NHS Service Standard. It is now being walked back. We are signing this to restate the case.
Signatures
10 signatures so far
Software Developer and Researcher (Ecosyste.ms)
Core team lead (Nuxt)
Heidar Bernhardsson
Researcher (University of Edinburgh)
Technical Architect
GP, Clinical Informatician and Developer (Baw Medical, RCPCH, openEHR International)
Interaction designer
Robin Whittleton
Software Engineer
Maintainer (Open Source Pledge)
Statement
We disagree with the NHS technical leadership’s decision to hide the source code of all of their repositories.
Making code open source requires more work than keeping it closed. That hard work is the point.
It requires a higher bar of quality. It requires processes to proactively find, fix, and monitor for vulnerabilities. It requires identifying risk, and putting barriers in place to contain any damage when things go wrong.
But it works like the human immune system: exposure to threats hardens the system, shrinking the attack surface over time.
Closed source allows that work to be skipped. It substitutes obscurity for depth, and obscurity buys you precious little when a sufficiently motivated attacker is involved.
We call on NHS England to withdraw the SDLC-8 red line and reaffirm its commitment to the NHS Service Standard Principle 12: “Make new source code open.”
If you agree, sign your name using the form below. Submissions are reviewed by hand and you’ll appear on the page once approved.