Microsoft Unveils Open Source Exploit Finder

Houston 2600 sends this excerpt from the Register about an open-source security assessment tool Microsoft presented at CanSecWest: "Microsoft on Friday released an open-source program designed to streamline the labor-intensive process of identifying security vulnerabilities in software while it's still under development. As its name suggests, !exploitable Crash Analyzer (pronounced 'bang exploitable crash analyzer') combs through bugs that cause a program to seize up, and assesses the likelihood of them being exploited by attackers. Dan Kaminsky, a well-known security expert who also provides consulting services to Microsoft, hailed the release a 'game changer' because it provides a reliable way for developers to sort through thousands of bugs to identify the several dozen that pose the greatest risk."

Re:Libre?

[janwedekind]

The GPL maximises protection against software patents and forbids distribution as proprietary-only software. The Ms-PL minimizes protection against software patents and forbids distribution as libre-only software. The Ms-PL formally fulfills the requirements for an OSI approval but apart from that it is everything what you would expect a license from Microsoft to be. To understand the Ms-PL just imagine the Venn diagram for the following equation: MsPL = ( OSI - GPL ) & Microsoft

Re:Open Source?! Wait for it...

[causality]

So what? The viral GPL license is not the only one that makes your software free.

What you say is factually correct yet it misses the point entirely. I like benefit of doubt so I'll assume that you were not being deliberately obtuse. If Microsoft really wanted to release source in a way that is useful for the community, then they would be compatible with the GPL or would simply use the unmodified GPL. They know very well that the vast majority of Free Software, especially that which is available for Unix-like operating systems, is GPL.

So a developer who maintains GPL software has two choices regarding the code that Microsoft releases. The first choice is to ignore it and avoid using it, because I would certainly expect Microsoft to vigorously pursue anyone who violates their license. The second choice is to abandon the GPL and release the software under the Microsoft license so that Microsoft's code could be incorporated into the project. This has two benefits for Microsoft. At the very least, they can talk a good game about how "open" they are becoming while actually doing very little for the community. At the most, they can tempt people to stop using the GPL.

The GPL and Free Software in general is perhaps Microsoft's first experience with a potential competitor that they cannot buy out and cannot embrace-and-extend, so their huge resources and preferred tactics are rendered useless. Either they just give up or they realize that they cannot use the "direct approach". I would not expect them to just give up. The saying that comes to mind is "if you get into bed with Microsoft, you're going to get fucked." Anyone who really believes that Microsoft has had a change of heart and is now a trustworthy ally of Free Software is frankly rather naive. You're dealing with an entity that became so dominant in its industry by means of shrewd business decisions and Machiavellian strategy. I would expect a close-source software company with even half of their willingness and ability to dominate to see Free Software as an implacable enemy that requires new tactics. If anyone believes it could possibly be otherwise, the evidence against you is strong but I'd like to know why you feel that way.