Microsoft source code gets a look
- By William Jackson
- Jul 16, 2003
Microsoft Corp.'s Government Security Program has made more than 100 million lines of Windows operating system source code available for national governments to study.
The company's 2-year-old Shared Source Initiative already lets large customers, development partners and others view source code. There are similar shared-source programs for product support and development.
'GSP is more than just accessing source code,' said Jason Matusow, Microsoft's shared-source manager. He said it helps national governments fix their security holes because it grants more access than the other programs to the 3 percent of third-party code in Windows not owned by Microsoft, as well as to cryptographic elements and what Microsoft calls high-value intellectual property.
Participating government officials can see the excluded code during one- or two-week tours at the company's headquarters in Redmond, Wash., and receive additional security documentation. They cannot modify what they see.
NATO, Russia and 11 other nations have joined the program. 'We're talking with the U.S. government' and about 20 others, Matusow said. 'At this point no agreement has been signed.'
'There are elements of the U.S. government that for research purposes have had access to source code for some time,' Matusow said.
The program covers all versions and service packs of Windows 2000, XP and Server 2003. It is not open to governments subject to U.S. trade embargo, or to state and local governments. Microsoft considers a country's intellectual property laws before offering the program. Chief technology officer Craig Mundie has said about 60 countries are eligible to participate.
Microsoft has given academic institutions access to source code for research and training for more than a decade. In May 2001 its Shared Source Initiative began to license code for Windows, CE, .Net and Passport Manager to customers on a limited basis.
Later that year the Government Source Licensing Program gave government users, including state and local jurisdictions, access to code for their own support and development needs. Austria's Federal Ministry of the Interior, Sweden and Switzerland joined that program.
The new sharing program comes a year after chief software architect and chairman Bill Gates announced the company's Trustworthy Computing Initiative, which seeks to make amends for unsecure software products. The initiative started with a six-week coding stand-down during which developers examined existing code for security flaws.
The open-source movement has demonstrated the benefits of access, Matusow said, and 'we're learning from it.'
William Jackson is freelance writer and the author of the CyberEye blog.