- But the latest leak has revealed more. The agreement would also prohibit countries from enacting free and open source software mandates. Although “software used for critical infrastructure” is already carved out from this prohibition (and so is software that is not “mass market software”, whatever that means), there are other circumstances in which a country might legitimately require suppliers to disclose their source code.
For example, one step that might be considered to improve the dire state of security of consumer routers might be to require that they be supplied with source code, so that their security could be more broadly reviewed, and third parties could contribute patches for critical vulnerabilities. Although that may sound radical, this is already required for many routers because they are based on software covered by the GNU General Public License. TISA would prohibit any such national initiative.