Photo : Collected

DHAKA, Dec 04, 2025 (BSS) - The draft of 'National Source Code Policy, 2025' has been published on the ICT Division's website (ictd.gov.bd), with the tagline 'Public Money, Public Code'.

The policy aims to recognise the government-funded software as a national resource and ensure public interest-based ownership, security, transparency and reusability of software developed with public money.

The policy is applicable to government-developed or adopted software systems, applications, apps, APIs and digital services funded by the national budget, foreign loans or development partners implemented under the government. 

It is mandatory to follow the policy for all ministries or divisions or directorates or statutory, autonomous and semi-autonomous entities, a handout said. 

The main provisions of the policy are:

The source code, documents and related software components of all government-funded software shall be preserved in the National Source Code Repository managed by the Bangladesh Computer Council under the supervision of the appropriate authority. No unreliable software shall be deployed in production until the relevant source code is stored in the repository. There are instructions to ensure detailed traceability and auditability in the repository. If necessary, there are instructions to establish an escrow system.

The concerned organisation shall adopt the "Reuse First" method before starting development of new software. There is a provision to mandatorily reuse the existing close solutions and to inform the authority in writing of the rationale for not reusing.

As a basic principle of the policy, the source code owned by the government should be considered as generally open source unless an exemption is granted under the principle of 'public money, public code'. 

In cases of national security or defense, confidentiality or special cases, the authority may exempt from disclosure in such specific cases, but there will be no exemption from maintenance through the repository. Provisions for written justification, registration, public code registry, and periodic review have been made for exempted systems. A policy for using approved licenses for open source code has been set.

For formulating and monitoring secure coding guidelines, a Standard Coding Guideline Committee-based framework has been proposed. It is mandatory to follow the approved CI/CD pipeline in software deployment - including automated testing, vulnerability scanning, license verification, and manual approval before releasing to production. 

The repository will be managed under 'Role Based Access Control' (RBAC) and there is a provision for signing a government-approved NDA before access is granted to contributors or maintainers or approvers or auditors.

There are instructions to classify datasets related to government software into three categories - Open, Restricted, and Regulated, and register those in the National Data Catalog along with the necessary metadata. 

The draft policy has been published on the ICT Division's website for stakeholder feedback. 

Bangladeshi citizens living in the country and abroad, who are experts in this field, professors from various universities, and representatives of all relevant government agencies, development partners, industry and academia have been requested to send their written opinions or recommendations on the draft. 

All have been requested to send their feedbacks following the addresses - [email protected] or by post: Secretary, Information and Communication Technology Division, ICT Tower (4th Floor), Agargaon, Dhaka.