Bulgaria recently mandated that all code developed for its government must be open source, as Jonathan Chadwick reported. Superficially, this seems like Bulgaria just punted Microsoft, Oracle, and the like out of the country, but that’s not quite what happened. It is precisely the “not quite” that makes Bulgaria’s position tenable and something to emulate, rather than a wholesale mandate that would be as dumb today as it was a decade ago when people first proposed them.

And, with the US considering a similar policy, Bulgaria just became highly relevant to software policy on a global scale.

What Bulgaria did

Let’s look at the exact wording for Bulgaria’s new law (Article 58a), nicely excerpted for us by Bozhidar Bozhanov, advisor to the deputy prime minister of Bulgaria. When a contract includes the development of computer programs:

a) computer programs must meet the criteria for open source software;

b) all copyright and related rights on the relevant computer programs, their source code, the design of interfaces and databases which are subject to the order should arise for the principal in full, without limitations in the use, modification and distribution.

Importantly, this only relates to the development of code for the Bulgarian government. As Bozhanov insists, “That does not mean that the whole country is moving to Linux and LibreOffice, neither does it mean the government demands Microsoft and Oracle to give the source to their products.” Why? Because “Existing solutions are purchased on licensing terms and they remain unaffected.”

SEE The US government buys into open-source programming (ZDNet)

The Bulgarian government will continue to buy proprietary software, in other words. It just doesn’t want custom code to be such.

“It means that whatever custom software the government procures will be visible and accessible to everyone,” Bozhanov wrote. “After all, it’s paid by tax-payers money and they should both be able to see it and benefit from it.”

This makes sense, and falls far short of the mandate-happy free sourcerors of yesteryear.

Preferences, not mandates

Though it makes sense that governments should not be beholden to any particular vendor (and its licensing terms), it’s equally true that governments should be free to adopt whatever software best meets the needs of its citizens. Buying open source products simply because they’re open source is wrongheaded and bad policy. Yet five to 10 years ago, that was all the rage.

Fortunately, it has died down. As I argued in 2009 (while working for an open source company), “Preferences retain flexibility to fit the right tool for the job, while still encouraging open-source adoption. Mandates, like any form of coercion, tend to breed rebellion.”

SEE Why AWS Lambda could be the worst thing to happen to open source (TechRepublic)

Bulgaria’s position is more pragmatic than a wholesale mandate, though it probably goes too far in insisting that all custom code be open source. Custom code developed by a proprietary vendor, for example, may need to remain under the same license as the software to which it attaches, depending on the interaction of the custom code with the software package.

Regardless, some of the reasons for having it open source simply don’t hold up. Bozhanov speculates, “With opening the source we hope to reduce [security] incidents, and to detect bad information security practices in the development process, rather than when it’s too late.” This is a nice theory, but one that has a sketchy relationship with reality. Heartbleed and other colossal bugs clearly taught us that open source doesn’t tend to lead to more secure software. What it does, however, is make bugs easier to fix once they have been found.

At any rate, it will be interesting to see how Bulgaria fares with this new policy. Other countries, including the US, should watch and learn from its successes and failures, and consider similar policies.