Secret Sauce

By Rob Enderle  |  Posted 2004-02-13

While secret recipes have added value—and even saved mystery meat like hot dogs—software buyers aren't as sanguine. Big customers have demanded access to the secret sauce to conduct their own due diligence: to identify problems, make systems work better, or simply to discover how the darned stuff works. With roots in education, much of the Unix code has been widely available for decades. Some of the Unix variants (Digital Unix, HP-UX, and Solaris) had significant secret parts, but the core technology was there for all to see. Linux started out as a community project, and has always been widely shared. And in the age of the internet, once you set your code genie free, it's virtually impossible to stuff it back in the bottle.
This has created a problem for Microsoft, since it continues to believe that the open release of source code can create serious problems for a high-volume multi-national vendor.
Microsoft already has a serious software piracy problem, compounded by the potential for Windows clones that look and feel like Windows, but either contain malware or circumvent anti-piracy enforcement. The chance of this happening with Windows is much higher than with open source software, which is often tied directly to hardware or other services. This is a far greater threat for Microsoft than crackers simply using source code to create new attacks.

There is one area where exposing the code could cause security problems. The security industry is still anticipating organized attacks from criminal or terrorist groups who may move more strategically than the common-day rogue. These shadowy groups could choose to avoid known exposures (where patches are generally available, and applied in many cases), and could instead target previously unknown vulnerabilities gleaned from the code. An attack vectored on an unknown hole, if wide enough, could be virtually unstoppable. But even more worrisome than an attack, sophisticated crackers could instead simply create back doors into sensitive systems, and then manipulate financial transactions, extract sensitive data, or take control of critical systems at a predetermined time.

However, many of these truly sensitive systems still run Unix, and many, based on the advice of "security experts," are beginning to run Linux. As a result, any problems arising from source-code mining would be at least as bad for these platforms as they are for Microsoft's.

There is a silver cloud, however. The source code theft is once again raising the issue of whether OS source code should be publicly available. If "open source" is good, then why is the accidental release of a small amount (only about 15 percent) of source code so damaging to Microsoft? Maybe it's time to set aside our Microsoft biases and objectively analyze this issue. Until we do, we can't honestly determine whether open source is worth the risk. And answering that question, as we've seen in this crisis, is critical to the future of the software industry.

Rob Enderle is the principal analyst for the Enderle Group, a company specializing in emerging personal technology.
