Microsoft to let national governments review source code
- By William Jackson
- Jan 15, 2003
Microsoft Corp. has announced a new program to make source code for its Windows operating systems available for review to national governments.
The Government Security Program is an expansion of the company's Shared Source Initiative, which has made source code available to major customers, development partners and governments for more than a year. Other programs under the Shared Source Initiative focus on product support and development. GSP focuses on the security needs of national governments.
Microsoft announced that NATO and Russia's Federal Agency for Governmental Communication and Information have signed GSP agreements and that it is in discussions with about 20 other governments. The company would not say if the U.S. government is among them.
'Participation in the GSP will be disclosed at the discretion of each government signatory, and Microsoft is committed to honoring confidentiality where necessary,' the company said in its announcement.
The program offers access to the source code for Windows 2000, XP and Server 2003. It is not open to governments subject to U.S. trade embargoes. Those countries include Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. The company also considers each country's laws and track record on intellectual property rights before making the program available. Craig Mundie, Microsoft chief technical officer, said about 60 countries now are eligible to participate.
Microsoft has allowed academic institutions access to source code for research and training purposes for more than 10 years. In May 2001 it launched its Shared Source Initiative to license the code to customers and partners on a limited basis. It expanded the initiative later that year to include the Government Source Licensing Program, which gives government users of Windows, including state and local governments, access to source code for their own support and development needs. In December 2001, Austria's Federal Ministry of the Interior became the first government agency to take part in that program.
The GSP focuses on national security concerns and participating governments do not have to be Windows users. Mundie said he expects the program will work with national agencies whose core responsibilities are security.
The program lets governments review Windows source code using a licensed code review tool. Participants will not be able to alter or recompile the code and may not disclose it. It is intended to help countries deploy their own secure computing infrastructures to run under Windows and to help them understand the strengths and vulnerabilities of the operating systems' security.
GSP also provides for the disclosure of technical information about the Windows platform and government representatives can visit Microsoft for one- and two-week tours to review development and testing practices. It also includes access to cryptographic code and development tools, subject to U.S. export restrictions.
Microsoft announced the new program almost a year to the day from chief software architect Bill Gates' memo announcing the company's Trustworthy Computing initiative. Under that initiative, the company has sought to make amends for what Gates called the pain it had put users through with unreliable and unsecure products. The initiative included a six-week coding stand-down last year during which developers examined old code for problems. The initiative's stated goal is to produce software that is secure by design, by default and in deployment.
William Jackson is a Maryland-based freelance writer.