Yes, I think all government software should be FOSS.

(Ok, ok. Not all. I don’t think it should be mandatory to distribute software. But if you do distribute software, I think the source code should be required to come with it and there shouldn’t be any intellectual property restrictions on modifying it or distributing it, with or without modifications so long as you include the source code. Aside from that, distributing versions with malware included without sufficiently advertising that fact should be considered some sort of fraud or vandalism.)

But I’m under no illusion that there’s any likelihood of that happening any time in my lifetime. One can hope, though.

Of your “possible challenges”, the first two are complete fiction. FOSS would make it easier to properly maintain and update systems, complex or otherwise. And databases and code are two different things. Beyond that, I’ll say that distributing software only in compiled form doesn’t make anything more secure or hide anything about how the code works.

Edit: Oh, I also think a right to attribution is a good thing. It can be done poorly. (Like some of the earlier BSD licenses that would result in pages and pages of attribution for a single code project.) But done well, I think it’s a worthwhile thing.

Any even partially publicly funded government code should be open sourced, just like the new rules for public funding and publishing of scientific research. If people actually paid attention this would crush my former local government department.

Yes, in the same way all research funded by the public should be open. If you pay for a dataset to be gathered and only one team gets to use it you have wasted money. Make the dataset open, make all the methods open, and it can be used multiple times, increasing the return on investment. In the same way if someone is working on security auditing for something like OpenSSH anyone who uses it benefits. You pay once for the work but get benefit for all who use it.

This also makes standardising easier because of the common tools so you can have cross department access without unnecessary technical barriers. For example, making a standard format for data in a SQL database means you can access multiple datasets and correlate them, allowing the study of important issues with minimal fuss. You can even create standards for accessing this data to make it much safer to use without exposing people’s personal information.

On the flip side you could have Microsoft and other similar companies decide what is worth investing in and just hope their system will work. If there is a security issue you just have to wait for them to patch it assuming they identify it. If they stop supporting something you can’t keep using it with external support because you don’t have the code.

Honestly, it is also a national security risk. Using a vendor from another country means you have someone who can access your data with software you cannot audit who is potentially influenced by the government of another country and you just have to trust them. I cannot understand the use of Windows in military applications. Honestly, asking the fox to guard the hen house. Why would you let the USA have access to your systems with the plausibly deniability of a company like Microsoft in between? Sounds like lazy writing for a military fantasy novel, not modern foreign policy.

All publicly available software should be free and open-source, ten toes down.

I think all public funds that generate data and/or software needs to be public.

The notion that maintenance is an issue is a red herring. Proprietary software purchased by government requires ongoing support contracts right until the vendor discontinues the product and leaves the public funds to prop up another billionaire.

Open source would also stimulate the economy since businesses could benefit from the project and use or apply it to their use, something which currently requires more investment with the same vendor.

yeah i think all government software available to the public should be free and open source.

Do you mean software created by the government, or simply used by the government?

In the US, I believe the standard is that the software would be public domain if it’s an official government publication.

Couldn’t people look through the code for exploits?

Within reason.

A nice little application to calculate tax and benefits? For sure.

A detailed model on how a nuclear attack would behave depending on the wind direction and tidal waves? That shit needs to be kept secret.

Removed by mod

Estonia: digital government services with open and auditable APIs.

What makes an API auditable?

Yes. Public funds for only public code. Any and arguments involving security are invalid.

Ken Thompson’s nightmare scenario was solved by a couple people who were enjoying their hobby in their free time and not by any of the military programs that have to date spent over $22 Billion and have achieved far less.

Removed by mod

OP, what do you mean by the following two challenges

1. Maintenance and updating of complex systems.
2. Protecting sensitive data without compromising citizen privacy.

Not only should the source code be available, but they need to be Free Software (licenses such as GPL, Apache, etc.).