Work generated at CBP falls within the U.S. public domain, unless license rights are stipulated in a supporting, CBP-offical contract.
Our default LICENSE file for projects acknowledges that our work is in the US public domain, and uses CC0 to waive copyright internationally.
Our default CONTRIBUTING file informs contributors that their contributions will be licensed under the same terms.
However, certain projects will require the usage of licensed open source software not created by CBP. Some open source licenses make source code available under different terms and conditions. These terms and conditions specify how the code may be used, modified, or shared. When users modify 18F code, they should review and understand the terms of the open source license in question.
Each project may need to modify or extend the above LICENSE and CONTRIBUTING files as needed for its own circumstances.
There is a misconception that FOSS that is distributed to the public should not be integrated or modified for use in sensitive systems. On the contrary, FOSS is often preferred for use in sensitive systems, due in part to its increased auditability. In other words, security in FOSS must be designed never to rely on obscurity in how the code works.
In addition, while open source licenses permit the user to modify FOSS for internal use without obligating them to distribute source code to the public, when the user chooses to distribute the modified FOSS outside the user's organization, then the code is subject to whatever license it carries.
The conditions where code shall not released in the open are:
-
The U.S. Government does not have the rights to reproduce and release the item.
-
The public release of the item is restricted by other law or regulation, such as the Export Administration Regulations or the International Traffic in Arms Regulation.
-
Source code contains proprietary, sensitive, PII, or mission-critical information.
These decisions will be made as needed by CBP, which will lead an interdisciplinary team to review the conditions under which code will be made available publicly.
CBP would like to thank 18F, Consumer Financial Protection Bureau, Department of Defense, and Office of Management and Budget for their work in blazing the path for the use of FOSS in the Federal Government.
This policy is a living document. CBP expects to make changes to this policy in the future, and we welcome issues and pull requests. To contact us privately, email us.