* CFPB is upfront about being open source. What has that meant in terms of your work with the public and within the government? Do you feel like you have more citizen engagement, for example?
well, let me begin by saying that i am not responsible for the open source policy. i came here well after it was established.
ineed we have a very up front open source policy. when we develop custom code internally, we do it by defaul as an open source project. we have embraced this approach for several reasons. in particular it gives us the best approach to software devilvery in terms of quality and time. i would say, when it comes to citizen engagement, we have experiences great trust b/c our products are all developed in the open. we haven't seen a significant amount of engagement in software development from the public; that is to say we haven't seen people outside of government making pull requests against our code to offer code development back. i would also say that i really haven't seen that anywhere. i think the real advantage to open source policy like ours in government is that we are fully transparent about our software path; there is great trust gained by this approach. people can gauge for themselves what our software does.
* How have other government agencies responded to your open source policy? Has it inspired any to research implementing a similar one? i can safely say as i watched cfpb unfold from another federal agency, the fcc, it was taken with great respect. here is this new agency going, you know what, here is how we are going to do it. this is the new way, we are going to give this a whirl, and we are going to own it. the great thing about this is that there is no right way to do things across federal government. what i mean is that there is no panacea, no single unifying technical approach that will work in all places. what there is is approaches that get pieced together along with culture, budget, leadership style, statutory authority, legacy and a whole host of other variables that make each agency different. so in this respect, we all look at each other to see who is doing what and why for which projects. we all learn from each other. so in many cases, people like 18f and the usds have taken some of their approaches from what we did with our open source policy and we have take ours for leaders like nasa and noaa. i would love to say we have the answer, and everyone watches us for our great innovation. the truth is we are doing things so we can solve the tech problems presented to us. this works best for us, and if that works for others, then great.
* What have you been able to accomplish that you wouldn't have been able to do without open source? starting a new agency isn't like solving a single programatic problem. from scatch we had to come up with solutions for collaboration, hr systems, intranet, public web site and hosts of other solutions. if we put those out for canned solutions we would have ended up with the worst kind of frankenstein. in short, we have been able to accomplish standing up a functioning agency because of an open source policy. we have been able to fit flexible components together by using open source solutions that we are quite confident would just not be possible to establish with other approaches. so while we have lots and lots more work to do, we would be still scratching our heads with our first solution if it weren't for our open source policy.
* This might get a similar response, but are there any especially interesting projects you can point to? i would just look at our github account. there are 80+ repo's there. take your pick. we do everything there. we write our public website there. we wrote our open source policy there. we write our eRegs project there. we wrote our public data platform there. we are writing our entirely new home mortgage disclosure act operations program there. we have written our application framework, our testing protocols, our design framework there. pretty much everything.
* How have other agencies or the public used or contributed to your code? you know, we haven't seen much of contributions back. i would also say we are still in an infant state and i am not sure there is a lot of pull request kind of activity where many government agencies have gotten any public contributions back.
what we have seen is other people fork our stuff, and that makes us proud. we know that people have taken some of our design frameworks from github and use them in their own design framework. we know that save time and cost in both pilot and new production web development. we don't know if anyone has done cost estimates for savings in this kind of thing, but we can guess it was good amounts. either way, we are just excited that someone took our ideas and built off of them. thats good.
* Have you been able to roll back into the agency changes or feedback you've gotten? the short is no, we haven't see much of this, yet.
* What steps do you take to ensure that contributions meet CFPB and federal security requirements? Meaning, how do you vet contributions to be sure they are helpful, not harmful? again, we haven't seen much of any kind of activity like this yet, but we would treat this just like we would treat any change request on software. a change request would go through the normal code review for functionality, security review etc. we have quite a great project managmeent team who helps manage and implement any change request, and can gauruntee new features are not harmful.
* What resources can you recommend for agencies looking to start on the road to open source? Where can they look for guidance? what i recoomend is that agencies do what is right for them. we obviously think writing open source code is a positive exerience. we get a positive return on our investment from our open source policy and we will continue in this vain, until it doesn't provide us a positive roi. we are also constanly poking at our processes and policies to make sure they are all contributing to that roi. this is what any good program should do along with reading what others recoomend. what we would also say is, there are no panacea's no magic wands that make all your solutions easy. anyone who suggests they know the answer is likely wrong. we sure aren't right, as we have made lots of mistakes and we learn from them. we just know that we learn faster than we would if we single large proprietary solutions in house, rahter than small flexible open ones.