GDS weighs in on the NHS's decision to retreat from Open Source

The Government Digital Service (GDS) has advised the NHS to maintain an "open by default" policy for its code repositories, countering the NHS's decision to close access following security vulnerabilities reported during Project Glasswing. GDS argues that making repositories private increases costs and reduces opportunities for reuse and scrutiny, recommending that closure be used only sparingly. Terence Eden interprets this public guidance as a rare and significant escalation of an internal civil service disagreement.

GDS weighs in on the NHS's decision to retreat from Open Source Terence Eden continues his coverage of the NHS' poorly considered decision to close down access to their open source repositories in response to vulnerabilities reported to them as part of Project Glasswing.Now the Government Digital Service have joined the conversation with AI, open code and vulnerability risk in the public sector, published May 14th. Their key recommendation: Keep open by default. Making everything private adds additional delivery and policy costs, and can reduce reuse and scrutiny. Openness should remain the default posture, with closure used sparingly and deliberately. While they don't mention the NHS by name, Terence speaks the language of the civil service and interprets this as a major escalation: Within the UK's Civil Service you occasionally hear the expression "being invited to a meeting without biscuits". It implies a rather frosty discussion without any of the polite niceties of a normal meeting. In general though, even when people have severe disagreements, it is rare for tempers to fray. It is even rarer for those internal disagreements to spill over into public. Tags: open-source, security, ai, generative-ai, llms, gov-uk, terence-eden, ai-ethics, ai-security-research