NHS England retreats from open source: open letter urges reversal of SDLC-8 policy

An open letter published at keepthingsopen.com, signed by 74 individuals including Cory Doctorow and many contributors to UK public-sector software, calls on NHS England to reverse its decision to hide all source code repositories. The letter states that NHS technical leadership has chosen to close repositories that were previously open, walking back the commitment to Principle 12 of the NHS Service Standard: "Make new source code open."

Why opening code matters

The letter argues that making code open source forces teams to maintain a higher bar of quality, proactively find and fix vulnerabilities, and implement barriers to contain damage. It compares this to the human immune system: "being exposed to threats hardens the attack surface." Closed source, by contrast, substitutes obscurity for depth — which the letter calls insufficient against a motivated attacker.

The specific policy target is SDLC-8, an internal red line that NHS England imposed. The letter demands: "We call on NHS England to withdraw the SDLC-8 red line and reaffirm its commitment to the NHS Service Standard Principle 12."

Signatories and references

The letter lists signatories like Adam Worley, Andrew Nesbitt, Dr. Cory Doctorow (h.c.), Kevin Marks, Marcus Baw, and others. Several have direct contributions to UK public-sector software. The page also references related articles:

• NHS Goes To War Against Open Source
• NHS England rushes to hide software over AI hacking fears
• GOV.UK guidance: Don't be afraid to code in the open: how to do it securely
• Terence Eden's post: Does Mythos mean shutting down your open source repos?

The letter remains open for signatures, with submissions reviewed manually.