OPEN SOURCE AND CODE REUSE POLICY REQUIREMENTS - 4984.1

As part of the Open Source and Code Reuse policy, each Agency/state entity shall:

1. Evaluate, as part of the Project Approval Lifecycle alternatives analysis, existing state software solutions for all reportable and non-reportable IT projects. Alternatives analysis shall give preference to the use of existing state software solutions.
2. If alternatives analysis concludes that existing state software solutions cannot efficiently and effectively meet the needs of the Agency/state entity, the Agency/state entity must explore whether its requirements can be satisfied with an appropriate commercially-available solution or open source solution.
3. Use best practices to ensure custom-developed code, documentation, and other associated materials are delivered from developers throughout the software development lifecycle.
4. Create and maintain an enterprise code inventory that includes all new State of California custom-developed code and related information and make this information available to all other Agencies/state entities on an ongoing basis. See code.ca.gov for additional information.
5. Make custom-developed code broadly available for reuse across state government and make their code inventories discoverable through code.ca.gov, the California Department of Technology’s code repository, pursuant to the limited exceptions outlined in SAM Section 4984.2.
6. Maintain and frequently update all custom-developed code available in the code repository to ensure code integrity.
7. Whenever possible, secure the rights necessary to make code custom- developed by the State of California available to the public as OSS, pursuant to the limited exceptions outlined in SAM Section 4984.2. Each Agency/state entity’s Chief Information Officer (CIO), with consultation from the Agency/state entity’s Information Security Officer (ISO), is responsible for determining if the Agency/state entity’s custom-developed code will be shared with the public as Open Source Software (OSS) and controlling public access through the Department of Technology’s code repository. Agency/state entities must attribute Copyleft licenses (e.g. GPL v.3) to all custom-developed code made OSS to prohibit the creation of proprietary derivative software.