Visit Scotland | Alba

1. Introduction

1.1    Open Source software is software with source code that anyone can inspect, modify, and enhance.

1.2    Coding in the Open is the principle where code is open sourced, such that it can be reviewed by external parties.

1.3    As part of Scottish Government Open Source and Open Standard Policy Strategy document ‘Where software is produced in-house by the Scottish public sector, or through publicly funded research and development projects, consideration should be given to making this available as Open source software‘.

1.4    According to Digital First Service Standards, we should also ‘Make all new source code open and reusable, and publish it under appropriate licences (or provide a convincing explanation as to why this cannot be done for specific subsets of the source code)’.

1.5    It is a requirement of the Digital First Service Standard’s to have an Open Source Coding Policy.

2. Purpose and scope

2.1    This policy will cover the Open Source Policy including the legal policy.

2.2    Implementation of this policy will be detailed in the Open Source Plan document.

2.3    For new digital codebases, we’ll be taking a “coding in the open” approach, which will improve collaboration and knowledge sharing. Making source code open and reusable is one of the Government Design Principles, and GDS (Government Digital Service) notes that this approach has a number of benefits, including enabling shared learnings.

2.4    The files in question may be sanitised to remove key data such as software/service version information or third party SAAS access keys that could reveal sensitive configuration options that makes our system vulnerable to outside manipulation. This will give third parties full visibility of the source code where they can use our solutions in their own projects and perhaps even collaborate or contribute, if appropriate.

3. Policy statement, commitment, and responsibilities

3.1    An Open Source Steering Group will be created to review and guide VS staff on implementation of this process. Their role will be to periodically review this policy document and the progress of its implementation.

3.2    VS staff will open source all new digital projects. To accomplish this, we'll be publishing our source code to GitHub and applying an open source MIT license.

3.3    A process will be put in place to assess security considerations and ensure that any sensitive parts of the source code, such as keys to external and internal APIs, will not be published.

3.4    VS will ensure that relevant training is provided to support VS staff in the implementation of this policy and ensure that the creation of required processes is put in place and followed.

3.5    The UI Developers and Software Engineering teams will be required to implement this policy, with help from a wider technical team. Implementation will be required by Scrum teams.

4. Principles and legislative framework

4.1    The general principle of Coding in the Open will apply to this policy document.

4.2    The MIT license will be the select license for this policy.

4.3    Following Digital First Service Standards.

5. Relationship to other VS policies

5.1    Any project that open sources its code should follow our Cybersecurity processes and protocols.

6. Training

6.1    We are currently looking at what training will be required for this policy, this will be review by the Steering Group.

7. Monitoring and review

7.1    A Working Group of Software Engineers, UI Developers and WebOps will convene every 3 months to review implementation.

7.2    If Scottish Government changes policy with regards to Open Source then we will review more actively.

7.3    Forms, plans or procedures can be appended to the policy to aid updating.

Related links

Our best value policy

Find our best value policy, containing the measures we take to deliver best value in our services, including our policy, responsibilities, and…

Our data protection policy

This policy ensures that all personal data is processed fairly, lawfully, in a transparent manner, and in compliance with data protection and privacy…