The Chinese government on Thursday signed up for Microsofts recently announced Government Security Program, which gives it access to Windows source code and prescriptive guidance on security assurance.
Last month, Microsoft announced a new global initiative to provide governments around the world with access to Windows source code under the GSP security program, which was designed to “address the unique security requirements of governments and international organizations throughout the world.
“We view governments that utilize our software as trusted partners. The GSP will provide governments with the opportunity to assess the security and integrity of the Microsoft products they deploy…We are also providing technical documentation, methods for troubleshooting, access to cryptographic tools subject to export controls, and access to Microsoft expert support technicians who can collaborate with governments on how they use this source code access,” Microsofts chief technology officer Craig Mundie said at that time.
China joins the U.K., Russia and NATO as the first participants in the program, while Microsoft is talking to more than 30 other countries about their interest in the program.
On Thursday, Microsoft Chairman and Chief Software Architect Bill Gates briefed Chinese President Jiang Zemin on the GSP agreement signed between the two parties during his visit to China. “As a government customer and trusted partner, we are committed to providing the Chinese government with information that will help them deploy and maintain secure computing infrastructures. We see this agreement as a significant step forward in Microsofts relations with the Chinese government,” he said in a statement released on Friday.
Dr. Wu ShiZhong, director of the China Information Technology Security Certification Center, said in a statement that information technology security is a key issue for the Chinese government as part of the process of information transfer. “Microsofts GSP provides us with the controlled access to source code and technical information in an appropriate way,” he said.
Microsofts GSP move follows its concerns about the interest a number of foreign governments and agencies have shown in Linux. Last June, the German government said it was moving to standardize on Linux and an open-source IT model at the federal, state and communal levels.
As part of this move, Germany signed a contract of support with IBM that would facilitate moving its agencies to Linux and helping develop innovative IT solutions based on open standards. Otto Schily, the German minister of the Interior, said at that time that the contract with IBM enabled the administration to buy IBM hardware and software running Linux under competitive pricing conditions.
“Linux offers the best potential as an alternative to Windows for server operating systems to reach more heterogeneity in the area of software. The fact that we have an alternative to Windows with Linux gives us more independence as a large software customer and is a major contribution to the economic use of IT in the administration,” he said.
The German governments move to IBM and Linux followed similar moves by more than 75 other government customers. The U.S. Department of Agriculture, the Federal Aviation Administration, the U.S. Department of Energy, the U.S. Air Force and Pinellas County, Fla., are all using Linux, as are agencies in the governments of China, Singapore and Australia.
While Mundie made no direct mention of the Linux threat when announcing the program, he said national governments and their principal agencies face greater security threats than do technology consumers and thus should place security at the top of their technology requirements. Microsoft is providing “controlled access to the Windows source code and other technical information,” while the no-fee initiative enables program participants to review Windows source code using a code review tool, but this is subject to certain undisclosed license restrictions.
The perception that Linux and other open-source software is more secure than Windows has also enraged Microsoft executives, who claim that this is not the case. That sentiment was shared in a November research note from two analysts at the Aberdeen Group, who said open-source software and Linux distributions were the “2002 poster children for security problems.”
Of the 29 advisories issued through October by the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, 16 of them addressed vulnerabilities in open-source or Linux products. Seven of the advisories were related to Microsoft products. “Open source software is now the major source of elevated security vulnerabilities for IT buyers,” the Aberdeen report said. “The poster child for security glitches is no longer Microsoft; this label now belongs to open source and Linux software suppliers,” the researchers said in that note.
The GSP follows other Microsoft moves to share code and make its products more secure. As first reported by eWEEK in March 2001, Microsoft launched the Shared Source Initiative, which was followed in January 2002 with the Redmond, Wash., companys Trustworthy Computing initiative, which placed security at the core of all Windows development efforts.
Mundie said the GSP also supports and builds on the Common Criteria (CC) certification, which Windows 2000 achieved last October.
Latest Security News:
Latest Microsoft News:
Search for more stories by Peter Galli.
Find white papers on security.