Comment by mystraline

6 days ago

Governments should have access to all the source of code they buy licenses to (and provided at sale), as a precondition of selling to a government.

When these sorts of things happen, the source can be subpoena'd with the relevant legal tool, and reviewed appropriately.

Why governments don't do this is beyond me. It greatly limits liability of gov procurement, and puts the liability on the companies selling such goods.

Governments don't get source code for the same reason as every other customer doesn't get source code: software vendors are incentivized to refuse the request.

Why are the vendors so incentivized? Well, coming back to Fujitsu and the Post Office, the answer is that refusing to share the source was worth about a billion dollars: https://www.bbc.co.uk/news/articles/cgm8lmz1xk1o

  • This is why it's unethical for governments to use closed source software. Anything related to government functioning should be auditable.

  • Then they shouldn't get the contract.

    I hope lessons are learned, but I doubt it.

Governments (certainly in the UK) aren't willing to pay enough to make this work for vendors.

An escrow approach is quite common to protect the government in the event of a vendor going bankrupt or similar.

> Why governments don't do this is beyond me.

Brown envelopes most likely and de facto non-functioning SFO.