Since the Heartbleed bug was disclosed in April 2014, one thing has become apparent: the underlying infrastructure of the Internet, and the applications and services that rely on open source implementations of protocols like SSL and TLS (Heartbleed itself was a flaw in OpenSSL, not in the TLS protocol), is extremely vulnerable. And now, many network professionals believe that the only way to make it more secure is to provide oversight of the underlying infrastructure of the Web.
While it is generally agreed that a dedicated body is needed to oversee the technical stability of the Internet, the question remains whether that body should be public or private. Some argue that we need an official U.S. department of code, while others believe that this would be a big step in the wrong direction.
Just like the USDA inspects food to prevent unsafe and unsanitary conditions for the public, a U.S. department of code would create established software standards that are enforceable by law. This would place more responsibility on developers to discover and fix bugs before software is released.
One example that advocates of a U.S. department of code often bring up is the growing reliance on software in vehicles. Automobiles are required to comply with federal regulation, yet they typically run unregulated software. Often, software bugs surface after a car has been cleared for sale, resulting in potentially unsafe driving conditions and recalls, a process that affects businesses, consumers, and the safety and wellbeing of the general public.
Regulation would also mean that companies would be held to strict standards established by the federal government. Applications and software would have to comply with government expectations—and thus, inspectors—in order to be cleared for use. And not everyone is happy about this idea.
Critics of a U.S. department of code believe that federal regulation would stifle innovation and delay releases. Consider a company like SpaceX, for instance, which is able to accomplish more in less time than federally funded NASA. Under mandatory inspection, projects would be slowed down considerably.
Further, there is the risk of exposing proprietary information to the federal government by having to submit source code for inspection. Many developers do not want their designs seen by anyone outside their team.
Right now the closest thing to a U.S. department of code is the Linux Foundation's Core Infrastructure Initiative, a new project formed after Heartbleed to fund and support critical digital infrastructure. Comprising industry heavyweights like Amazon Web Services, Cisco, Dell, Facebook and Google, among others, the body exists to let technology companies work together to identify and fund open source projects that need assistance. But it is not a governing agency, and it allows open source developers to work and create projects without having to conform to fixed standards.
Do you think we need to go a step further and require open source developers to conform to federal standards? We want to hear your opinion.