The only surprise was that it had not happened sooner; that was the analyst consensus on learning that chunks of the source code for Microsoft Windows 2000 and Windows NT had been leaked onto the Internet in mid-February.
Up to 90% of the source code for Windows products has been shared over the years through Microsoft’s Shared Source and Government Security programs. The only parts that Microsoft does not let anyone see are those concerning product activation, its use of cryptography and code from other firms, which it cannot licence directly.
The leaked code does not represent an immediate security threat to Microsoft or Windows users; the amount of code leaked is too small for that. “It’s more embarrassing than anything else,” says Rob Enderle, principal analyst, Enderle Group. “Because it makes it look like Microsoft can’t control its code.”
But is it finally time for Microsoft to loosen its grip on its code? The Microsoft Shared Source initiative was started to counter the success of the open source movement and to reassure many users, particularly among the more paranoid governments of the world, that the source code did not contain any ‘back doors’ that the CIA could use to break into their systems.
Although the source code leak will not change the way Microsoft shares its Windows code any time soon, analysts view it as a timely wake-up call for Microsoft and its attitude towards the open source concept.
Microsoft has always regarded the sharing of its operating system code warily, pointing out that it helps keep it secure and therefore should not be made public; an approach that rival open source advocates have described somewhat derisively as ‘security through obscurity’.
According to sources that have seen the code, it is both too old and too fragmented to be of any great use. What it does provide, however, is a first real glimpse into how Microsoft builds its applications and writes its code.
So whatever else happens, Microsoft can confidently expect to receive a lot of scrutiny and comment from the developer community – whether it wants it or not.