Measuring government policy on open source with a new dataset

Policymakers around the world are developing policies that impact how software gets built and who gets to build it. GitHub Policy works to represent the interests of developers and software innovation. One way we do so is to support research and data to inform policy development. We’re proud to support the Center for Strategic and International Studies (CSIS) to refresh their government policies on open source software dataset.

The dataset is a catalog of public policies around the world that touch on open source software, dating back to 1999. CSIS created this dataset and updated it for years, with the seventh and (until now) most recent coming in 2010. Over the years, this dataset has provided a resource for developers and researchers alike. For example, a previous version was used in research showing the contributions of GitHub activity to start-up formation around the world. We’re excited to see what the community does with this latest version.

Since the dataset was first launched, governments are increasingly learning that “contributing upstream” gives them greater security and influence on the software upon which they rely–just as companies have–and with the range of contribution tools available to governments. The German Sovereign Tech Fund is an exciting example of government support for maintainers of critical open source projects. The role open source plays in cybersecurity, innovation, and service delivery makes it essential for governments to consider impacts on open source when developing broader tech policies, of which two in process examples are the EU’s proposed Cyber Resilience Act and AI Act. Given these developments, it’s more pressing than ever that we have good data about government policies on open source around the world.

Last month, GitHub’s Chief Legal Officer, Shelley McKinley, joined a panel at CSIS to commemorate the launch of the dataset, with Laura Cunningham of the Open Technology Fund, Allan Friedman from the U.S. Cybersecurity and Infrastructure Security Agency, Frank Nagle of Harvard Business School, and Eugenia Lostri, who co-authored the dataset. The discussion highlighted increasing attention on open source within cybersecurity, measuring open source impact, and the importance of efforts to support communities who maintain and use open source software.

Together with CSIS, we’re excited to see how the community contributes to and builds upon the dataset. Have you come across another policy that mentions open source in your country? Are you interested in expanding the dataset to account for implementation and contributing initial findings? Have an idea for cross-referencing with other datasets? An idea for research leveraging the dataset? Open an issue or pull request!