News: 0175775811


Bill Requiring US Agencies To Share Custom Source Code With Each Other Becomes Law

(Friday December 27, 2024 @05:42PM (BeauHD) from the no-more-dupes dept.)


President Biden on Monday [1]signed the SHARE IT Act ([2]H.R. 9566) into law, [3]mandating federal agencies share custom-developed code with each other to prevent duplicative software development contracts and reduce the $12 billion annual government software expenditure. The law requires agencies to publicly list metadata about custom code, establish sharing policies, and align development with best practices while exempting classified, national security, and privacy-sensitive code. FedScoop reports:

> Under the law, agency chief information officers are required to develop policies within 180 days of enactment that implement the act. Those policies need to ensure that custom-developed code aligns with best practices, establish a process for making the metadata for custom code publicly available, and outline a standardized reporting process. Per the new law, metadata includes information about whether custom code was developed under a contract or shared in a repository, the contract number, and a hyperlink to the repository where the code was shared.

The legislation also has industry support. Stan Shepard, Atlassian's general counsel, said that the company shares "the belief that greater collaboration and sharing of custom code will promote openness, efficiency, and innovation across the federal enterprise."



[1] https://www.whitehouse.gov/briefing-room/statements-releases/2024/12/24/press-release-bill-signed-hr-663/

[2] https://www.congress.gov/bill/118th-congress/house-bill/9566

[3] https://fedscoop.com/agencies-must-share-custom-source-code-under-new-share-it-act/



Aww shucks (Score:2)

by DrMrLordX ( 559371 )

The NSA is exempted. What a shame.

Re: (Score:1)

by africanrhino ( 2643359 )

What could go wrong with police, ICE and IRS sharing code.

OK, but what about maintenance? (Score:2)

by david.emery ( 127135 )

Suppose Agency A and Agency B share some code. Do they know about each other? Is one agency charged with maintaining the code, or would each agency establish a fork and maintain its own baseline going forward? Who sets priority for changes/bug fixes? What happens when each agency wants to take the software in a different direction? Also, what about porting? Software developed for deployment environment A won't necessarily port to environment B without some effort. (That's true even across Linux versi

and now can 3rd party vendors bill a big fee for (Score:2)

by Joe_Dragon ( 2206452 )

and now can 3rd party vendors bill a big fee for license violations?

Saying that that code was only licensed for Agency A and now that Agency B is using that will be a fine of $2000 per workstation

Re: (Score:3)

by StormReaver ( 59959 )

> ...and now can 3rd party vendors bill a big fee for license violations?

My reading of the bill is that 3rd parties paid by the Federal government to write custom code for the government must allow for this type of sharing.

This is hugely GOOD (Score:2)

by Baron_Yam ( 643147 )

Back in the day I made a lot of money on the side because I'd write something for the agency I worked for, and then several others decided they'd rather get authorization to 'borrow' me, and pay me contractor rates to deploy and configure it for them than re-develop it in house.

We all were getting paid by the same taxpayer and that would have just been a ridiculous waste. Sure, I got paid more for extra installations, but somebody was going to get paid for that part regardless.

If they have efficient commun

Re: (Score:2)

by markdavis ( 642305 )

> "I'd write something for the agency I worked for, and then several others decided they'd rather get authorization to 'borrow' me, and pay me contractor rates to deploy and configure it for them than re-develop it in house."

This doesn't change that at all. You would be paid to, as you said, "deploy and configure it" again. That isn't the same as writing the code over again.

This is mostly just a means for agencies to discover that code is available for their use that they might not have known about, thr

Re: (Score:2)

by Baron_Yam ( 643147 )

The second paragraph of my post was right there, just waiting for you to read it.

Privacy Sensitive Code ? (Score:2)

by Wrath0fb0b ( 302444 )

If the source code to your service is somehow privacy sensitive, I think something somewhere has gone horribly wrong.

Re:Privacy Sensitive Code ? (Score:5, Interesting)

by Errol backfiring ( 1280012 )

Code is not privacy sensitive, data is. Unless the code clearly violates privacy regulations, in which case it is good to have more eyes looking at the code or its effects.

Re: (Score:2)

by Snotnose ( 212196 )

> If the source code to your service is somehow privacy sensitive, I think something somewhere has gone horribly wrong.

It's got my login and password in it, I'd hate for that to get out.
