[CAVO] Fwd: [WhiteHouse/source-code-policy] Email Comment: Department of Homeland Security Office of the Chief Information Officer and Components (#152)

Brent Turner turnerbrentm at gmail.com
Mon Apr 18 14:55:37 UTC 2016


---------- Forwarded message ----------
From: John Newton <notifications at github.com>
Date: Mon, Apr 18, 2016 at 4:47 AM
Subject: Re: [WhiteHouse/source-code-policy] Email Comment: Department of
Homeland Security Office of the Chief Information Officer and Components
(#152)
To: WhiteHouse/source-code-policy <source-code-policy at noreply.github.com>
Cc: misdemeaner <turnerbrentm at gmail.com>


A more useful alternative to closing off everything because it may include
vulnerabilities is to make secure code the exception. This is not too
different from open source companies releasing enterprise features that are
not open source. Or indeed, the difference between Classified and
Unclassified information. Just as records must be declared Classified in
order to have stricter access controls, code could be declared Classified
with a similar fileplan process.

Information created by the government is inherently unclassified in the
interests of the people and transparency. Code should be no different. The
examples of rules for anti-fraud detection are a good example, but by
exception rather than by rule. This code could be classified and extended
under protected rules. But why should code such as general-purpose
libraries, simple user interfaces, connections to common unclassified
systems be closed by default? 80-90% of code probably has no impact on the
security of any system. This seems very much like a bygone age where much
of what some agencies used to do was classified by default, even lunch
menus.

In the end, the code is being funded by the people, not the department, and
the people have the right to get the most out of their investment in the
code, just as they have a right to the information that has been created in
their name.

Reply to this email directly or view it on GitHub
<https://github.com/WhiteHouse/source-code-policy/issues/152#issuecomment-211343711>