Bulgaria adopted a law on the forced publication of source codes of state software

Like some other Eastern European countries, Bulgaria has suffered for many years from the fact that government orders for software development are “sawn out” between approximate firms that belong to relatives and friends of officials. Gostenders became a formality. Bribery, cronyism and kickbacks flourished.

Officials and the public who were not involved in the feeding trough section tried in every way to fight this. The press published stories about tenders for 300,000 euros for the development of a static site and so on. Nothing helped, the history of the "cuts" repeated again and again.

Nevertheless, the open-source activists managed to achieve their goal. Despite the strong opposition of individual officials, they achieved the adoption of amendments to legislation , according to which henceforth state orders contractors are obliged to publish in open access the source codes of all programs developed for budgetary funds.

According to the text of the Law on Electronic Governance , when preparing technical and functional tasks for holding public tenders for developing computer programs, the administrative authorities are now obliged to include the following requirements in the terms of reference:
')

1. Computer programs must comply with the principles of open-source.
   
   
2. All copyright and related rights to the relevant computer programs, their source code, the design of interfaces and databases that are the subject of a state order, must be presented to the customer in full, without restrictions on the use, modification or distribution.
   
   
3. The development should be carried out in a repository maintained by the Agency, in accordance with clause 18 of Article 7c (a public national repository and version control system - most likely, its mirror will be placed on Github).

The requirements of the law do not apply to the purchase of licenses, that is, state structures still have the right to purchase, for example, proprietary software from Microsoft and Oracle instead of LibreOffice and similar free software. However, this is a step in the right direction.

The discovery of the source code of state development is a logical and correct requirement. If the society pays for the work, it has the full right to its results, that is, the source codes in the public domain.

Amendments to the law could be carried out despite warnings from certain “specialists”. For example, the executive director of Information Services JSC (this company received the lion’s share of government orders for the development of information systems), Professor Mikhail Konstantinov, said on television that in no case can one publish source codes. For example, opening a program code to count votes in an election “will allow anyone to hack the system”.

But supporters of open-source managed to prove their position reasonably that the “security through obscurity” method is not the best way to ensure security. In recent years, many vulnerabilities have been found in government websites and information systems, and the bugs found have remained unclosed for a long time, simply because the contract with the contractor has expired. Static sites for 300,000 euros fell under the slightest load.

The publication of the source codes of all projects should reduce the number of such incidents and reduce the number of abuses.

Bulgarian activist Bozhidar Bozhanov, who took part in the promotion of amendments to the legislation, warns that the adoption of the amendments does not mean their observance. Large contractors will probably try to bypass them and find loopholes so as not to spread the source code. Therefore, close public scrutiny is required.

Bozhidar Bozhanov expressed the hope that other countries will also follow the example of Bulgaria in this “radical” approach to the fight against corruption and kickbacks in the field of government orders for IT.