Members of the open-source community have welcomed new legislation from Bulgaria that says software written for the country's public sector should be open source. They argue that the amendment its parliament passed in early July will lead to better software, lower costs, and greater transparency.
Bulgaria could be a testbed for other European countries interested in the idea of going open source, they say; other governments might watch what proves effective in this central-European country and learn from any mistakes.
Bozhidar Bozhanov, adviser to Bulgaria's deputy prime minister, says local software companies could also export the resulting products and services and earn some money in return.
"'We've built this top-quality thing for the Bulgarian ministry of X, and we can offer you the service of installing and supporting it for a low price'. That's a fair business model," Bozhanov says.
Bulgarians have already started to implement the new legislation: three software projects at the pre-tender stage have received open-source requirements.
The agency that will supervise public open-source software will be operational by the end of this year, and one of its tasks will be to create a public repository similar to GitHub, where the code will be available for anyone to review. Until then, companies can use the Bulgarian government's GitHub space.
The agency will publish a set of responsible disclosure rules and there will be a bug-bounty program, Bozhanov says. "Whether it will be financially awarded or not is a budget and/or political matter, but there will be such a process," he adds.
The advantages of going open source are numerous, Bozhanov says. Most importantly, the new legislation will bring better-written software, and developers will follow better practices.
"Currently there's nobody inspecting the quality of the code or the architecture, and companies can get away with pretty low-quality solutions," he says.
Open source will also offer more affordable software, with less money spent on support and fewer new projects commissioned simply because the old ones didn't work properly.
Also, government contractors will be able to reuse the code when working on a common piece of functionality, without having to reinvent the wheel every time.
"Companies will no longer be able to sell open-source solutions as complex custom software, which has [previously] happened," Bozhanov says.
The new legislation will also bring transparency, a vital factor in a country dealing with corruption: from now on, tech contracts signed with the public sector will be available online.
When it comes to cybersecurity, going open source is a wise decision for Bulgaria, as long as the country takes some precautionary measures and the legislation does not apply to critical government infrastructure, Liviu Arsene, senior e-threat analyst at Bitdefender, says. Bulgaria has already announced that intelligence agencies are exempted from this legislation.
Arsene believes that an immediate benefit of the new measure is that it could help prevent vulnerabilities going unpatched for years: "One main advantage is that the security community can constantly report new vulnerabilities and make sure information that the government handles is actually safe from attackers."
Still, he raises a flag: "Having source code publicly available means that attackers can thoroughly study it and try to exploit vulnerabilities to hit the branch of government where it's being used."
But public sector software might be safer than before, because software companies will also work harder to deliver better quality code, according to Bulgarian Linux advocate Slavey Karadzhov.
"[That's] simply because a lot of people will be looking at the finished product and will be able to pinpoint issues in the software product," he says.
"This is definitely a change in the right direction and it may open the door for other changes or laws that can give bigger support for using open source," Karadzhov adds.