Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Share Office Source Code

Posted by Hemos on from the aftershocks-to-ensue dept.

I_Love_Pocky! writes "According to this article, Microsoft is going to give its source code for Office 2003 to more than 30 different world governments. The purpose? So they can inspect the code for security flaws."

17 of 348 comments (clear)

  1. I'm wondering... by leonmergen · · Score: 5, Insightful

    Not only security is the purpose of making it available, but also so that governments can adapt file formats for cross-software compatibility. Now I'm wondering, what will happen if a government wants to adapt this document format to some opensource program, which happen to have a license that requires to donate all adjustments to the code to the opensource community... I'm pretty sure Microsoft will not allow this, will it ?

    --
    - Leon Mergen
    http://www.solatis.com
    1. Re:I'm wondering... by Kingsly · · Score: 5, Interesting

      The important questions is...

      Is there a way for the governments to verify if the binaries that MS ships is from the same source that they are getting to see?

      Will the governments be allowed to compile their own version ?

    2. Re:I'm wondering... by mirko · · Score: 5, Interesting

      Well, if they compile these and they do not get the exact same binaries, they might claim they are cheating but as we know Microsoft, they will explain that their WC++ might not always produce the same output depending on many factors...
      So, well, they have to believe it.

      --
      Trolling using another account since 2005.
    3. Re:I'm wondering... by FauxPasIII · · Score: 5, Funny

      > Yeah, great joke... other than that you're stupid and obviously unaware that there is no 'w' sound in Russian.

      Then vere do you keep your nuclear wessels ?

      --
      25% Funny, 25% Insightful, 25% Informative, 25% Troll
  2. World governments by Anonymous Coward · · Score: 5, Funny

    I didn't realize there was even one world government. I have no idea how they could manage 30 with overlapping jurisdictions... ;)

  3. Jesus by gowen · · Score: 5, Insightful

    And exactly how many of those governments are going to waste their taxpayers money debugging the code for MS, when the license under which they've seen the code, doesn't allow them to do anything with it?

    <TIN FOIL HAT>
    and what happens when the members of a gov IT team that's licensed this code, then want to use and contribute to an Open Source project that better suits their needs -- hey! they can't! You've signed a prescriptive NDA!

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    1. Re:Jesus by Angostura · · Score: 5, Insightful

      Precisely. It strikes me that in most cases this program will just be used to fill in the right check box on a tick list. "We can look at the source code if we want to" . Good. Next.

      I doubt there will be much real examination going on.

      There are numerous benefits to be gained by a programmer who examines real open source code. They can implement new features, squash bugs, tweak functionality - and potentially learn programming techniques.

      The potential return on investment in time is great.

      By comparison, the return on investment of examining MS code is small both to the organisation, and to the individual programmer - there is little or nothing that can be *done* with the knowledge gained. In fact the tainting issue referenced by others can even have a chilling effect on the use of *existing* knowledge.

  4. Readable? by Daengbo · · Score: 5, Interesting
    If the reports that I've heard are true about the code, it's so confusing that the developers are afraid to change much lest they break something. All that backward compatability screws everything up. Could the govenments make much sense of it if the MS developers are having a hard time?

    Love this part:
    Redmond, Washington-based Microsoft keeps its source code closely guarded, and requires any governments or companies to sign agreements not to divulge the data that is used to create its software programs.

    The Linux software system, which is now a major competitor to Windows and other Microsoft products, and its source code are freely available to anyone under an open source license that guarantees that the data will always be shared.
    --
    Put identity in the browser.
  5. Some questions not answered in the article by StateOfTheUnion · · Score: 5, Interesting
    Are any of these governments already using open source technologies? I wonder if this effort is to get governments to switch back to MS products or only to prevent others from joining those that have already defected from Microsoft's empire . . .

    Alos, are any of these governments developing countries? Or southeast Asian? In other words is Microsoft entrusting the code to any governments that seem to take a blind eye to software piracy?

  6. Another SCO? by iammrjvo · · Score: 5, Interesting


    When (not if) the source code is leaked, then how long will it be before MSFT claims that office code was integrated into OpenOffice. How much in royalties will they demand?

    --
    Ha, ha! Nobody ever says Italy.
  7. Is this a preemptive legal defense strategy? by StateOfTheUnion · · Score: 5, Interesting
    After thinking aoubt this for a while I think that it may be a brilliant strategy on MS's part . . .

    If the government of a country has the source code of the software to examine for security flaws, doesn't this give MS a defense against liability from future lawsuits? For example, if the UK government gets to inspect the source code, continues to use MS-Office, and then has a major problem due to hackers hacking MS-Office; MS can say that the software was given a clean bill of health by the British government, so MS shouldn't be held liable.

    I know that no defense is necessarily bulletproof, but this is just going to give MS's legal dept. more ammunition so that that MS can get away with writing sloppy code and not be found as grossly negligent.

  8. Don't Look by suezz · · Score: 5, Insightful

    If anybody develops for OpenOffice or any other office suite I would not even get in the same room as the code. If you look at the code and develop for OpenOffice then Microsoft will probably come after you saying you stolen their code because you read it and it gave you the ideas and means to do the programming. Be very, very, very careful - why would a proprietary company want people to see it's secrets that has been its cash cow for the past 4 or five years. I think they are gearing up for an attack on open office - now that we have seen part of the agreement between sun and them - why would open office even have to be mentioned in the agreement - it has nothing to do with them. I smell something rotten in denmark.

  9. Smoke and mirrors by Slinky+Saves+the+Wor · · Score: 5, Interesting
    This is basically a load of crap. Why? Well...

    If you cannot compile the given source to a fully working Microsoft Access (or whatever source is provided), how can you be sure that the program you buy from the store contains the same source code?

    You can't, since you most likely can't compile the given source, and keep on using that compiled version!

    This is just smoke and mirrors. Now Microsoft can say their code has been provided for auditing by some instance, so it's got to be safe. However, there is no guarantee that the defects found will be fixed at all, and that the fixes will ever be found in the actual product. There is also no guarantee that the software you obtain from the store is the same as that for which the source was provided.

    You can easily implant backdoors to the supposedly "audited" source code: just don't give the newly modified source code with the backdoor back to auditing...

    --
    I do not moderate.
  10. Just a PR stunt by Andy_R · · Score: 5, Interesting

    From the article (emphasis added by me)

    The new initiative is an extension of Microsoft's Government Security Program, which allows the governments of more than 30 countries to examine most of Microsoft's underlying source code, or software blueprint for its flagship Windows operating system.

    What's the benefit in looking at "Most of" the code and seeing if it is secure?

    Absolutely nothing at all, apart from Microsoft getting an NDA signed on your behalf by your Govern(e)ment without any consultation with the public.

    --
    A pizza of radius z and thickness a has a volume of pi z z a
  11. Re:Interesting by glyph42 · · Score: 5, Interesting

    Source code watermarking is a hot research topic. You do it by inserting *logic* into the code, not just text. The logic, thanks to the hardness of SAT, can be constructed so that it is nigh impossible to see which parts will be run and which will not. Thus it becomes impossible to remove the logic, even for a nice optimizing compiler. There are side effects built into these bits of code, such that no matter how it is modified, rearranged, and compiled, the side effects can be read (by you, the programmer) to identify which copy of the source code it comes from. Of course, the code will become somewhat obfuscated and difficult to read, but hey :P There are tools already available for watermarking Java.

    Google for: "source code" watermarking filetype:pdf

    --
    Music speeds up when you yawn, but does not change pitch.
  12. Re:Interesting by ajp · · Score: 5, Insightful

    If this were true then not one person who previously worked at Microsoft would ever be able to work anywhere else. Rob Glaser, for example, who left Microsoft's media division to open up Real Audio.

    Thank you. Next?

  13. MS Office loses an argument against OSS by roesti · · Score: 5, Insightful

    Hang on a second. I thought that even if you let other people review your source code, they're highly unlikely to do so. Isn't that one of the arguments that the anti-OSS crowd march out all the time? Now, Microsoft are doing it, and they're telling people it's for security purposes. Aren't they conceding that this argument is flawed, if they themselves can see some merit in doing so?

    Coming up in the news, Microsoft will announce it will start making good design choices, writing good documentation, publishing their binary file formats, and giving away their flagship software for free. For the government. Foreign ones, even. Probably.

    --
    Attack its weak point for massive damage!