Microsoft Launches Government Security Program

By Peter Galli  |  Posted 2003-01-15 Print this article Print

In reaction to foreign governments' move to Linux, Microsoft forms a security initiative that provides governments with access to Windows source code.

Microsoft Corp., moving to stem the tide of foreign governments embracing the Linux open-source operating system, on Tuesday announced it has formed a global initiative to provide governments around the world with access to Windows source code. The new security initiative, the Government Security Program (GSP), has been designed to "address the unique security requirements of governments and international organizations throughout the world," said Craig Mundie, Microsofts chief technology officer. "We view governments that utilize our software as trusted partners. The GSP will provide governments with the opportunity to assess the security and integrity of the Microsoft products they deploy. … We are also providing technical documentation, methods for troubleshooting, access to cryptographic tools subject to export controls, and access to Microsoft expert support technicians who can collaborate with governments on how they use this source code access," he said.
Microsoft has been concerned by the interest a number of foreign governments and agencies are showing in Linux. Last June, the German government said it was moving to standardize on Linux and an open-source IT model at the federal, state and communal levels.
As part of this move, it signed a contract of support with IBM that would facilitate moving its agencies to Linux and helping develop innovative IT solutions based on open standards. Otto Schily, the German minister of the Interior, said at that time that the contract with IBM enabled the administration to buy IBM hardware and software running Linux under competitive pricing conditions. "Linux offers the best potential as an alternative to Windows for server operating systems to reach more heterogeneity in the area of software. The fact that we have an alternative to Windows with Linux gives us more independence as a large software customer and is a major contribution to the economic use of IT in the administration," he said. The German governments move to IBM and Linux followed more than 75 other government customers. The U.S. Department of Agriculture, the Federal Aviation Administration, the U.S. Department of Energy, the U.S. Air Force and Pinellas County, Fla., are all using Linux, as are agencies in the governments of China, Singapore and Australia. While Mundie made no direct mention of the Linux threat on Tuesday, he said national governments and their principal agencies face greater security threats than technology consumers, and have to place security at the top of their technology requirements. Russia and NATO have already signed GSP agreements, and Microsoft is talking to more than 20 other countries about their interest in the program. In a statement released late Tuesday, Microsoft admitted that it is providing "controlled access to the Windows source code and other technical information," adding that the no-fee initiative enables program participants to review Windows source code using a code review tool, which is subject to certain undisclosed license restrictions. The perception that Linux and other open-source software are more secure than Windows has enraged Microsoft executives, who claim that this is not the case. That sentiment was shared in a November research note from two analysts at the Aberdeen Group, who said open-source software and Linux distributions were the "2002 poster children for security problems." Of the 29 advisories issued through October by the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, 16 addressed vulnerabilities in open-source or Linux products. Seven of the advisories were related to Microsoft products. "Open source software is now the major source of elevated security vulnerabilities for IT buyers," the Aberdeen report says. "The poster child for security glitches is no longer Microsoft; this label now belongs to open source and Linux software suppliers." The GSP follows other Microsoft moves to share code and make its products more secure. As first reported by eWEEK in March 2001, Microsoft launched the Shared Source Initiative, which was followed in January 2002 with the Redmond, Wash., companys Trustworthy Computing initiative, which placed security at the core of all Windows development efforts. Mundie said the GSP also supports and was built on the Common Criteria certification, which Windows 2000 achieved last October.
Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.

He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.

He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.

He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.

He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.

He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.

His interviews with senior industry executives include Microsoft CEO Steve Ballmer, Linus Torvalds, the original developer of the Linux operating system, Sun CEO Scot McNealy, and Bill Zeitler, a senior vice president at IBM.

For numerous examples of his writing you can search under his name at the eWEEK Website at


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel