Eden: NHS goes to war against open source
The NHS is planning to close most of its open-source repositories due to concerns about advanced LLM tools identifying security vulnerabilities. Terence Eden criticizes the move, arguing that the majority of the repositories contain non-sensitive materials such as datasets and design tools. He highlights that past open-sourcing efforts, like the Covid Contact Tracing app, did not result in security incidents and were aligned with the UK's Tech Code of Practice.
- The NHS is preparing to shut down nearly all of its open-source repositories over security concerns related to LLM tools.
- Terence Eden argues that most NHS open-source repositories contain low-risk content like datasets, guidance, and front-end design.
- The decision contradicts the UK's Tech Code of Practice, which mandates openness and the use of open source.
- The NHS Covid Contact Tracing app was fully open-sourced upon release and experienced no security incidents despite intense scrutiny.
- Eden previously worked at NHSX and supported open-sourcing critical tools during the pandemic.
Opening excerpt (first ~120 words)
Terence Eden reports that the UK's National Health Service (NHS) is preparing to close almost all of its open-source repositories as a response to LLM tools, such as Anthropic's Mythos, becoming more sophisticated at finding security vulnerabilities. He does not, to put it mildly, agree with the decision: The majority of code repos published by the NHS are not meaningfully affected by any advance in security scanning. They're mostly data sets, internal tools, guidance, research tools, front-end design and the like. There is nothing in them which could realistically lead to a security incident.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at LWN.net (Linux Weekly News).