Switzerland has recently enacted the “Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks” (EMBAG), a landmark legislation that mandates the use of open-source software (OSS) in the public sector. This law requires all public bodies to disclose the source code of software developed by or for them unless third-party rights or security concerns prevent it. This initiative, driven by the “public money, public code” principle, aims to enhance transparency, security, and efficiency in government operations.
Background
The journey towards EMBAG began in 2011 with the Swiss Federal Supreme Court’s release of Open Justitia, a court application published under an OSS license. This move faced opposition from proprietary software vendors and sparked a decade-long political and legal battle. Finally, in 2023, EMBAG was passed, marking a significant shift towards open-source adoption in Switzerland.
Key Provisions of EMBAG
The EMBAG law mandates several key actions:
- Open Source Requirement: Public bodies must disclose the source code of developed software unless restricted by third-party rights or security concerns.
- Open Government Data: Non-personal and non-security-sensitive government data must be released as Open Government Data (OGD).
The Thought Process Behind Switzerland’s Decision
Professor Dr. Matthias Stürmer, a leading advocate for the law, emphasized its potential benefits for the government, the IT industry, and society. Open-source software reduces vendor lock-in, encourages digital business expansion, and potentially lowers IT costs while improving services for taxpayers. Implementing EMBAG aims to promote digital sovereignty and encourage innovation and collaboration within the public sector. The Swiss Federal Statistical Office (BFS) is leading the law’s implementation, although organizational and financial aspects of OSS releases still need to be clarified.
Comparison with the US
Despite the clear advantages seen in Switzerland, the United States has been more reluctant to fully embrace open-source software. The US government’s approach to OSS is characterized by cautious and incremental adoption rather than sweeping mandates. The US Federal Source Code Policy requires federal agencies to release at least 20% of new custom-developed code as OSS but does not mandate its use across all government software. Similarly, the General Services Administration (GSA) promotes an “open first” approach but stops short of a full commitment to open-source software.
One major reason for the US’s hesitant stance is security. The US government prioritizes secure software development and the protection of the open-source ecosystem. The Biden-Harris Administration’s National Cybersecurity Strategy (NCS) emphasizes the need for secure software, including investments in memory-safe languages and secure software development techniques. Efforts to enhance OSS security are ongoing, with initiatives led by agencies like CISA.
OSS and The CrowdStrike Incident
The reluctance to adopt open-source software in the US was highlighted by the CrowdStrike incident, where a significant security breach exposed sensitive information. If CrowdStrike’s software had been open source, the security community could have identified and patched vulnerabilities much more quickly. Due to CrowdStrike’s closed-source functionality, IT teams struggled around the world with solving the mass BSODs within the incident much more than needed. Open-source software allows for more eyes on the code, increasing the likelihood of identifying security flaws before they can be exploited.
Advantages of Open Source as a Whole
Open-source software offers numerous advantages over closed-source alternatives. It promotes transparency, allowing users to inspect the code and understand how their data is being handled. This transparency can build trust and ensure that software behaves as expected without hidden functionalities. Open-source software also fosters innovation by allowing developers to build upon existing code, accelerating the development of new features and technologies. Moreover, it can lead to cost savings by reducing the need for expensive proprietary licenses and allowing for community-driven support and development. As Switzerland has demonstrated, embracing open-source software can lead to more secure, efficient, and transparent government operations, providing a model for other countries to follow.
Conclusion
Switzerland’s decisive move towards open-source software sets a compelling example of transparency, security, and efficiency in government operations. While the US recognizes the importance of OSS, its approach remains cautious, prioritizing security and coordinated strategies over broad mandates. As global digital infrastructure continues to evolve, the US may need to reassess its stance on open-source adoption to fully leverage the benefits seen in European counterparts. By understanding these dynamics, security professionals and policymakers can better advocate for more secure and transparent digital governance.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact