Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Lets EU Governments Inspect Source Code For Security Issues

Posted by samzenpus on from the take-a-look dept.

itwbennett writes: Microsoft has agreed to let European governments review the source code of its products to ensure that they don't contain security backdoors, at a transparency center in Brussels. The second of its kind, the new center follows on the heels of the first, built last June in Redmond, Washington. Part of Microsoft's Government Security Program, the company hopes the centers will create trust with governments that want to use Microsoft products. "Today's opening in Brussels will give governments in Europe, the Middle East and Africa a convenient location to experience our commitment to transparency and delivering products and services that are secure by principle and by design," said Matt Thomlinson, Vice President of Microsoft Security.

7 of 143 comments (clear)

  1. Can they compile from source? by Anonymous Coward · · Score: 3, Insightful

    Can they (the governments) compile from source?

    1. Re:Can they compile from source? by Tatarize · · Score: 4, Insightful

      Can they compile it on site and get the hash codes from it, or export the compiled binaries back somewhere to check them out?

      Because if not, this is entirely bullshit.

      Just remove the backdoors from the source and show them the source without all the backdoors. See, no backdoors, or reason to suspect the compiled binaries you get are the ones compiled from that source.

      --

      It is no longer uncommon to be uncommon.
  2. Useful, or an empty gesture? by tgv · · Score: 3, Insightful

    So a few people can spend a bit of time looking through hundreds of millions of lines of code? How is that useful?

  3. Delivered versus reviewed by ebonum · · Score: 3, Insightful

    And who would trust MS not to show one version of the software and deliver something compiled from slightly different sources? Remember MS is more than happy to turn over dissidents' emails to the Chinese government. MS will say: "We follow all applicable laws in the countries where we operate." So what are the US laws about spying on anyone outside the country? I think it is required under NSL's.

  4. It's not an interest for Microsoft either by jones_supa · · Score: 3, Insightful

    You don't even need EU to verify the lack of backdoors. Microsoft itself strives to create a product without backdoors. If one would be found, it would greatly hurt their business.

    Has there ever been a backdoor in Windows or other Microsoft products? No.

    I'm just tired of the paranoid attitude that all commercial software provides automatically want to screw you. No. They want to create a product that you want to buy. I'm sure you don't want to buy a product that has backdoors.

    The main reason for going with closed source is not hiding malicious stuff, but that it allows making money with software. Open source works only if you have something else to sell along it.

  5. Re:Just one rule by gtall · · Score: 3, Insightful

    Errr...I'm certainly no MS apologist, but maybe companies insist on using MS because all their homegrown apps and store bought apps run on MS? If your organization has $1 Billion invested in MS Malware, it isn't an easy sell to shareholders or company execs than you need to spend another $1 Billion or more rebuilding just so you can feel at peace with FOSS. There needs to be a business case.

    Ah, but you say, invest the $1 Billion now and never have to pay MS again. Correct. Now put a money figure on precisely how much it will cost the company to do FOSS rather than MS? More importantly, how will doing this increase or decrease profits. Be specific, real figures are necessary to make a business case as well as documentation on the methodology used to do the analysis. BTW, is that analysis vetted? How good is it? How do we determine this? What will it cost to determine this?

    But, but, but....you can audit FOSS for free. Yes, now please staff up to audit FOSS and be able to explain how the findings will contribute to the success of your company. Please be sure to include the cost of the audit. And since you are into auditing, this is gift that keeps on giving, you'll be wanting to audit forever more.

    Most companies will just say screw it, hand me the MS Malware and let's get back to business.

  6. Headline is totally wrong by DoofusOfDeath · · Score: 3, Insightful

    From recent revelations, it's more likely the governments are looking for easier ways to break into citizens' computers.