Sofía AritzFSFE: NHS England should not hide public code behind closed doors
https://fsfe.org/news/2026/news-20260504-01.html
- Taking already public repositories offline does not prevent attackers from analysing deployed systems, dependencies, interfaces, or binaries.
- Depublishing does not make code unseen, nor does it remove existing copies, and it is not an effective security measure.
- Instead, it removes a fundamental pillar for security: the ability of independent experts, researchers, and other public bodies to inspect, reuse, and improve the code, and to report on security issues.
