{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreics2hagvuph3yoa2vaa7fxw3u53n3uiafglubilpmrzhmrkhwbkbe",
    "uri": "at://did:plc:b3tz6srl4ochk2wxn6dv6xpy/app.bsky.feed.post/3mkt2srw5mo52"
  },
  "path": "/Articles/1070864/",
  "publishedAt": "2026-05-01T19:27:18.000Z",
  "site": "https://lwn.net",
  "tags": [
    "reports",
    "National\nHealth Service",
    "open-source repositories",
    "code repos\npublished by the NHS",
    "the\nCovid Contact Tracing app was open sourced the minute it was available\nto the public",
    "Tech\nCode of Practice point 3 \"Be open and use open source\""
  ],
  "textContent": "Terence Eden reports that the UK's National\nHealth Service (NHS) is preparing to close almost all of its open-source repositories as a response to LLM tools, such as Anthropic's Mythos, becoming more sophisticated at finding security vulnerabilities. He does not, to put it mildly, agree with the decision:\n\n> The majority of code repos\npublished by the NHS are not meaningfully affected by any advance in security scanning. They're mostly data sets, internal tools, guidance, research tools, front-end design and the like. There is _nothing_ in them which could realistically lead to a security incident.\n>\n> When I was working at NHSX during the pandemic, we were so confident of the safety and necessity of open source, we made sure the\nCovid Contact Tracing app was open sourced the minute it was available\nto the public. That was a nationally mandated app, installed on millions of phones, subject to intense scrutiny from hostile powers - and yet, despite publishing the code, architecture and documentation, the open source code caused **zero** security incidents.\n>\n> Furthermore, this new guidance is in direct contradiction to the UK's Tech\nCode of Practice point 3 \"Be open and use open source\" which insists on code being open.",
  "title": "Eden: NHS goes to war against open source"
}