(Proposed) Principles of Open Source for NRENs
Add a preamble?
NRENs / RENs hereafter are to be referred to as ‘We’:
- We believe that digital sovereignty cannot be achieved without a robust open-source infrastructure.
- We will actively contribute to open source developer communities with code and financing especially where code is used by NRENs and their communities.
- We will foster co-creation in NREN communities to help build public services across organisational silos and boundaries, including support for capacity to create our own code.
- We will support open source projects with sustainable business plans outside of project funding.
- We will support sustainable infrastructure for services built on open source software.
- We will support and promote open source alternatives to proprietary services.
- We will position procurement activities to be welcoming to open source initiatives.
- We will provide mechanisms to support the legal, licensing and IPR issues faced by open source projects.
- We will make sure the code we use and the code we share is free from vulnerabilities by applying continuous security testing.
- We support these actions around open source as part of a mixed ecosystem, selecting and working with both open and closed environments to best meet the needs of the NREN community.
References:
- Digital Decade: https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/europes-digital-decade-digital-targets-2030_en
- EU Open Source Strategy: https://commission.europa.eu/about-european-commission/departments-and-executive-agencies/informatics/open-source-software-strategy_en#opensourcesoftwarestrategy
- Digital Sovereignty: https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/the-european-union-and-the-search-for-digital-sovereignty/
- EU Interoperability Act: https://ec.europa.eu/commission/presscorner/detail/%20en/ip_22_6907
- Sustainable Development Goals: https://www.undp.org/sustainable-development-goals
- Public Money Public Code: https://publiccode.eu/en/
- Sovereign Tech Fund: https://sovereigntechfund.de/de/
- FOSSEPS Critical Open Source Software Study Report: https://joinup.ec.europa.eu/collection/fosseps/news/fosseps-critical-open-source-software-study-report
- Infrastructures for Quality Research Software Task Force: https://www.eosc.eu/advisory-groups/infrastructures-quality-research-software
1 Comment
Rogier Spoor
Well done Nicole Harris !
Some small suggestions. Under 2 is mentioned "contribute" and "finance", but I would like to stress that regular maintenance is important for the sustainability of a project. It is also important to get security issues fixed when reported/detected.
Item 7 is a bit vague to me; it is not clear what this would deliver.
Item 9: "continuous security testing" sounds sexy, but if you don't have people involved that review the output it won't help. In practice I would advise having regular security audits done on open-source code; they are much more profound.
Item 9: publishing an SBOM (https://en.wikipedia.org/wiki/Software_supply_chain) helps make transparent which libraries are used. It also shows version numbers, so people can easily verify if outdated and insecure components are used.
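The comment above points out that an SBOM exposes library names and version numbers so that outdated or insecure components can be spotted. The following is an added example (not part of the original post, the proposal, or any NREN project's code) showing what such a check looks like in practice: it reads a CycloneDX-style JSON SBOM, compares each listed component against a table of minimum acceptable versions, and reports anything below the floor, plus anything the table does not cover and therefore still needs a human reviewer. The SBOM, the component names and the minimum-version table are all constructed sample data; a real deployment would feed the table from the team's own advisory tracking.

```python
"""Check a CycloneDX-style SBOM for components below a minimum accepted version.

Added example, not code from the original post or from any NREN project.
The SBOM document and the policy table below are constructed sample data.
"""
import json
import re

# Constructed sample SBOM in CycloneDX JSON shape. The component names and
# versions are made up for illustration and do not refer to real packages.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "examplelib-http", "version": "2.3.1"},
        {"type": "library", "name": "examplelib-xml", "version": "1.0.9"},
        {"type": "library", "name": "examplelib-crypto", "version": "4.1.0"},
        {"type": "library", "name": "examplelib-log", "version": "0.8"},
        {"type": "library", "name": "examplelib-unlisted", "version": "3.2.0"},
    ],
})

# Constructed policy table: the lowest version of each library the reviewing
# team accepts (typically the first release that contains a published fix).
MIN_ACCEPTED = {
    "examplelib-http": "2.4.0",
    "examplelib-xml": "1.0.9",
    "examplelib-crypto": "4.0.2",
    "examplelib-log": "1.0.0",
}


def parse_version(version):
    """Turn '1.2.3' into (1, 2, 3) so tuples compare numerically.

    Shorter tuples compare as if padded with zeros, e.g. (0, 8) < (1, 0, 0).
    Pre-release tags and other non-numeric parts are ignored on purpose;
    this is a deliberately simple comparison, not a full semver parser.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def find_outdated(sbom_json, min_accepted):
    """Return [(name, installed_version, minimum_version)] for every
    component whose installed version is below the policy floor."""
    sbom = json.loads(sbom_json)
    outdated = []
    for component in sbom.get("components", []):
        name = component.get("name")
        installed = component.get("version", "")
        floor = min_accepted.get(name)
        if floor is None:
            continue  # not covered by policy; reported separately below
        if parse_version(installed) < parse_version(floor):
            outdated.append((name, installed, floor))
    return outdated


def unknown_components(sbom_json, min_accepted):
    """Return names of components the policy table says nothing about.

    These are not 'safe'; they are simply unreviewed and need a human look,
    which is the point the comment makes about tooling without reviewers."""
    sbom = json.loads(sbom_json)
    return [
        component.get("name")
        for component in sbom.get("components", [])
        if component.get("name") not in min_accepted
    ]


if __name__ == "__main__":
    for name, installed, floor in find_outdated(SAMPLE_SBOM, MIN_ACCEPTED):
        print(f"OUTDATED: {name} {installed} is below minimum {floor}")
    for name in unknown_components(SAMPLE_SBOM, MIN_ACCEPTED):
        print(f"UNREVIEWED: {name} has no entry in the policy table")
```

The split between "outdated" and "unreviewed" output is the practical detail: an automated version check only speaks for the components someone has already written a policy entry for, so the unreviewed list is the queue that the audits mentioned in the comment still have to work through.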