Microsoft Stands by Its Code

The leak of some of Microsoft Corp.s Windows source code this month highlights the struggle proprietary software companies face in providing developers, partners and customers access to the code while protecting their own intellectual property.

Although the source code leak, discovered Feb. 12, wont change the way Microsoft shares some Windows code through its Shared Source and Government Security programs, industry watchers and users alike hope the company will learn from the leak and possibly consider the benefits of certain open-source concepts.

But thats not likely to happen soon, according to company officials in Redmond, Wash. Despite the uproar over the leak of Windows 2000 and NT 4.0 source code, the files dont appear to present an immediate security threat to Microsoft or Windows users.

“The directory list that I have seen for the leaked Windows 2000 code runs to some 1,000 pages, but there is no way this could be used to compile a working version of Windows, as its just a small part of the code that would be required for that,” said a developer who has seen the source files and who requested anonymity.

The developer said the source files include networking code; code for the Windows Explorer shell, including instructions on how to move pre-Internet Explorer 4.0 Windows shell code to the then-new IE integrated shell; some APIs; and code for IE 5.x.

If anything, the leak could lead to a closer scrutiny of the business models around closed versus open source and the risks and rewards of each.

Next Page: Developers Weigh-in on Exposure

Developers Weigh

-in on Exposure”>

Microsoft has a far more restrictive approach to sharing its source code than other platform vendors, such as Sun Microsystems Inc. Microsofts Shared Source and Government Security programs require licensees to sign nondisclosure agreements that give them limited-rights access to code, which they cannot change or use to create a modified version of Windows.

Licensees can access the source code only through Microsofts secured Code Center Premium site. The service gives them access to browse, search and reference the code.

Sun, of Santa Clara, Calif., licenses its Solaris source code to developers, partners and academic institutions, allowing each to download the actual code, which they can modify as long as it is for noncommercial reasons, said Sun Chief Technology Officer John Fowler. Suns Java is also part of the quasi-open Java Community Process.

“The exposure of the Solaris and Java source has materially improved the products as we get suggestions on security improvements before they show up on the radar of the bad guys. It helps foster innovation,” Fowler said. “If more people can interoperate with Solaris, Im happy. Closing the source code off doesnt help me.”

Microsoft spokesman Mark Martin would say only that the company stands behind its programs. He declined to say if there are any initiatives to change the process or security around its source code programs and access following the leak.

Although Microsoft customers and developers would like to see the company open its code, they are not optimistic that this will happen any time soon.

“I do not dismiss Microsoft at all when it comes to finding a model similar to open source or finding a way to buy a position in the open-source community,” said Sean Frazier, a networking consultant in Burbank, Calif. “But to openly display the source code without gain, I just dont think Microsoft can think that far outside the shrink-wrapped box.”

David Blomberg, an engineer at a large network solutions company in Tokyo, agreed, saying that “open source code has shown that shown code is more secure. I think everyone benefits with code being viewed by many eyes, and as long as the copyrights are in place, no one else can steal your code.”

Frazier said he expects the leak to have an impact on the way some businesses deploy Windows. “Already, we are looking at deploying Linux in a few key areas,” he said. “I imagine that this will speed up some of that.”

/zimages/4/28571.gifWant the story latest news, reviews and analysis in programming environments and developer tools? Check outeWEEKs Developer Centerat http://developer.eweek.com.