Microsoft Exec Debates Open Source

By Peter Galli  |  Posted 2004-03-14 Print this article Print

Microsoft Shared Source executive Jason Matusow discusses his company's code strategy.

Jason Matusow, who heads Microsoft Corp.s Shared Source Program, discussed with eWEEK Senior Editor Peter Galli the recent source code leak, what it means for security and whether Microsoft plans any changes to the program.

How do licensees actually get access to Microsofts source code under your Shared Source and Government Security programs?

We provide source through a mechanism called Code Center Premium, which is a smart-card-driven, secured Web site, which has gone through numerous third-party security audits. What we do is host the builds on our servers, and, from a security perspective, we believe the source is thus more safe. But it also offers a high degree of value to the developer. They are given access to more than 100 million lines of Windows source code for Windows 2000, Windows XP and Windows Server 2003, across all versions, all service packs and all betas.
Its very hard for an individual developer to know the source tree, where things live. So we try to balance security concerns against the effectiveness of the tool, and so we have indexed the entire search base to allow them to search on function definitions, class definitions, file names and text searches.

Has the leak resulted in any new initiatives at Microsoft to change the access to code, security around that code or the programs themselves? No, and the reason for that is that we feel we have been very focused on security throughout the process of defining source code and how were providing source code. Does this raise the level of awareness to make sure we continue to focus on this? Sure. But no, there has been no immediate effect in terms of us making radical changes to the source code. Some Microsoft customers and many in the open-source community are saying the leak should be the catalyst for Microsoft to open up its code more widely and under less stringent requirements. This would allow peer review, better security and ultimately result in better code. Your thoughts on this?

There has always been an underlying argument that we should open up our source code more broadly. The fact is that we are learning from open source and we are opening our code more broadly through Shared Source. The Windows CE code base has been opened up very broadly, with 250,000 people downloading that source. With regards to the Windows source, we are working with far fewer, yet trusted, entities through Shared Source. There are no pure-play open-source companies today that are allowing complete and total free access to source code and still maintaining a very strong business model. Even Red Hat [Inc.], which comes the closest to this model, now in their support agreement say that if customers modify the source code, they invalidate the support agreement. That doesnt mean you cant see the code and use it as a reference model, but they have also yet to prove that they will have the same successful business model as, say, Sun [Microsystems Inc.], Novell [Inc.] or Microsoft.

What exactly is the Microsoft business model you are referring to?

Providing software for direct commercialization, like with Windows, where there is a large research and development effort to generate profits around the sale of that software. Hopefully, you are generating enough value in that for the customer so the cost of the software gives them high value-added software, and the business model is to sustain through direct licensing of the binaries. Our source code is also an enormous source of intellectual property that belongs to us. We will retain the rights to that IP and allow access to that source under our own terms. But that is no less than the Free Software Foundation [Inc.] would do. If you really look at open source, [it] is proprietary. Now the word proprietary has turned into a pejorative word, but copyright and the idea of ownership of that code is no less important to the creation of open source than traditional commercial software. The idea is that the owner determines the right and terms and restrictions of use of that software. Public domain is far more open than the GPL or FreeBSD licenses or any Microsoft Shared Source license.

[Open-source advocate] Eric Raymond says the real difference between proprietary and open source deals with who has control: the customer or the vendor.

The reality is that copyright still applies, and its still technology thats owned. Now, does the vendor control something more if he doesnt share the source code? Sure, but theres still a relationship between the creation and ownership of that software. What you then choose to do with it becomes a statement of what model you apply. Is there value to providing source code? The answer is unequivocally yes. Does that mean that you eviscerate your business model in order to provide that source code? There are 60,000 software companies and probably just 12 to 15 that you could name that are doing aggressive things with source code, no matter what they choose to do and whether they call it open or shared. Microsoft is one of those companies. The concept that the software industry would somehow rapidly improve if we all just started giving it away is probably a fairly specious argument.

Read eWEEKs interview with Eric Raymond. Check out eWEEK.coms Windows Center at for Microsoft and Windows news, views and analysis.
Be sure to add our Windows news feed to your RSS newsreader or My Yahoo page:  
Peter Galli has been a financial/technology reporter for 12 years at leading publications in South Africa, the UK and the US. He has been Investment Editor of South Africa's Business Day Newspaper, the sister publication of the Financial Times of London.

He was also Group Financial Communications Manager for First National Bank, the second largest banking group in South Africa before moving on to become Executive News Editor of Business Report, the largest daily financial newspaper in South Africa, owned by the global Independent Newspapers group.

He was responsible for a national reporting team of 20 based in four bureaus. He also edited and contributed to its weekly technology page, and launched a financial and technology radio service supplying daily news bulletins to the national broadcaster, the South African Broadcasting Corporation, which were then distributed to some 50 radio stations across the country.

He was then transferred to San Francisco as Business Report's U.S. Correspondent to cover Silicon Valley, trade and finance between the US, Europe and emerging markets like South Africa. After serving that role for more than two years, he joined eWeek as a Senior Editor, covering software platforms in August 2000.

He has comprehensively covered Microsoft and its Windows and .Net platforms, as well as the many legal challenges it has faced. He has also focused on Sun Microsystems and its Solaris operating environment, Java and Unix offerings. He covers developments in the open source community, particularly around the Linux kernel and the effects it will have on the enterprise.

He has written extensively about new products for the Linux and Unix platforms, the development of open standards and critically looked at the potential Linux has to offer an alternative operating system and platform to Windows, .Net and Unix-based solutions like Solaris.

His interviews with senior industry executives include Microsoft CEO Steve Ballmer, Linus Torvalds, the original developer of the Linux operating system, Sun CEO Scot McNealy, and Bill Zeitler, a senior vice president at IBM.

For numerous examples of his writing you can search under his name at the eWEEK Website at


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel