OPEN SOURCE AND CODE REUSE POLICY REQUIREMENTS - 4984.1
Legal Authority
Government Code 11545 and 11546
Definitions
Reference SAM 4819.2
Policy
Nothing in SAM Section 4984 shall be construed to require state entities to make custom developed-code available as Open Source, if, on the facts of the particular case, disclosure of that code would reveal vulnerabilities to, or otherwise increase the potential for an attack on, information technology assets of a state entity.
The exceptions provided below may be applied, in specific instances, to exempt a state entity from sharing custom-developed code with other state entities. Any exceptions used must be approved and documented in the enterprise code inventory by the state entity’s Chief Information Officer (CIO) for the purposes of ensuring effective oversight and management of information technology resources.
Applicable exceptions are as follows:
- The sharing of the existing or new source code is restricted by law or regulation, including—but not limited to—patent or intellectual property law, the Export Asset Regulations, the International Traffic in Arms Regulation, and the Federal laws and regulations governing classified information.
- The sharing of the source code would create an identifiable risk to the detriment of national security, confidentiality of Government information, or individual privacy.
- The sharing of the source code would create an identifiable risk to the stability, security, or integrity of the state entity’s systems or personnel.
The sharing of the source code would create an identifiable risk to the state entity’s mission, programs, or operations.