I came across an NPR Article this morning discussing malware believed to have been installed by China on many small office / home routers across the United States.
National Cyber Director Harry Coker Jr. alluded to the fact that the US does the exact same thing by advising The House Select Committee on the Chinese Communist Party to “continu[e] operating with confidence, not yielding the initiative, not merely staying on the defensive, but being as strong as the United States has always been”
The vulnerability that was exploited was “outdated Cisco or NetGear devices that were no longer subject to software updates.” These vulnerabilities were present because proprietary equipment and software was no-longer being maintained. This is far less likely to have occurred with routers using FLOSS, like OpenWRT. Such routers regularly receive updates for many years after the original equipment manufacturer has stopped supporting them.
Only with FLOSS hardware, software, and shared standards can nation states have digital sovereignty, compatibility, and security. If all sides are using the same FLOSS standards, then they can host their own services without dependence on a foreign tech sector, they can maintain international compatibility, and any vulnerabilities affect all parties equally. Therefore, it is in the best interest of each party to contribute fixes which ensure their own infrastructure is secure, and simultaneously provide security & functionality to each other party.
Yes, and who pays the guys who have the decision power when it comes to FLOSS vs non-FLOSS? Those exact same proprietary vendors. There’s nobody lobbying around for FLOSS because there’s no money.
Ah, I see how what I wrote before didn’t clearly express what I was thinking, and didn’t address the issue of private contractors intentionally pushing for bloated contracts.
If public money for public code is mandated at the federal level, then private contractors would be bidding for work that ends up in the public domain. I am assuming that wasteful & bloated contracts will be underbid by contracts that fork or add features to existing projects. Either way, if the end result is in the public domain, then the project is still reusable.
I definitely don’t believe that such a mandate would be easy to implement, or separate from a wider policy platform. I see private capital influencing government decisions as the crux of the problem with passing such a mandate. However, private capital influencing government decisions is an issue that unites many activists, organizations, and social movements. If FLOSS can be integrated into organizations and social movements pushing for institutional reform, then that might be a viable pathway toward meaningful policy change.