Standard for Public Code

Code in the open


  • All source code for any policy and software in use (unless used for fraud detection) MUST be published and publicly accessible.
  • Contributors MUST never upload sensitive information regarding users, their organization or third parties to the repository. Examples of sensitive information include configurations, usernames and passwords, public keys and other real credentials used in the production system.
  • Any source code that is not currently in use, such as new versions, proposals or older versions SHOULD be published.
  • The source code MAY provide the general public with insight into which source code or policy underpins any specific interaction they have with your organization.

Why this is important

  • Improves transparency
  • Increases code quality
  • Facilitates auditing processes

What this does not do

  • Make source code or policy reusable
  • Make the codebase and the code inside it understandable to as many people as possible

How to test

  • The source for any version currently in use is published on the internet where it can be seen from outside the original contributing organization and without the need for any form of authentication

Policy makers: what you need to do

  • Develop policies in the open
  • Prioritise open and transparent policies

Management: what you need to do

  • Develop a culture that embraces openness, learning and feedback
  • Collaborate with external vendors and freelancers through working in the open

Developers and designers: what you need to do

  • Clearly split data and code, in order to meet the requirement about sensitive information above.

Further reading