Eden: NHS goes to war against open source
Terence Eden reports that the UK's National Health Service (NHS) is preparing to close almost all of its open-source repositories as a response to LLM tools, such as Anthropic's Mythos, becoming more sophisticated at finding security vulnerabilities. He does not, to put it mildly, agree with the decision:
The majority of code repos published by the NHS are not meaningfully affected by any advance in security scanning. They're mostly data sets, internal tools, guidance, research tools, front-end design and the like. There is nothing in them which could realistically lead to a security incident.
When I was working at NHSX during the pandemic, we were so confident of the safety and necessity of open source, we made sure the Covid Contact Tracing app was open sourced the minute it was available to the public. That was a nationally mandated app, installed on millions of phones, subject to intense scrutiny from hostile powers - and yet, despite publishing the code, architecture and documentation, the open source code caused zero security incidents.
Furthermore, this new guidance is in direct contradiction to the UK's Tech Code of Practice point 3 "Be open and use open source" which insists on code being open.