News leaked yesterday that the Redmond, Washington-based company is launching the Government Security Program (GSP), providing controlled access to Windows source code and other technical information specifically for government institutions.
Microsoft told ComputerWire yesterday that virtually all APIs and communications protocols for Windows 2000, Windows XP, Windows CE and the planned Windows Server 2003 would be available. Only code relating to high-level intellectual property would be held back, but offered to government agents visiting Microsoft’s campus the company said.
GSP is the third attempt by Microsoft to both convince the world its software is safe, despite ongoing concern over viruses and hackers, and to head-off increased popularity of rival open source software among national institutions.
Microsoft launched the Trusted Computing Initiative just 12 months ago, faced with increased alarm over the impact on Windows-based systems of worm viruses.
That initiative saw product development temporarily halted as programmers were sent back to the classroom on matters of software security. Despite that push though, the company continues to issue security bulletins on a daily and weekly basis.
Microsoft, meanwhile, pre-empted GSP by launching the Shared Source Initiative in March 2001 that allows certain customers to view Windows source code. Shared Source was a pseudo open source development model launched by company’s then senior vice president of advanced strategies Craig Mundie amid a frenzied attack on open source.
Microsoft, at the time, claimed Shared Source would also help companies better debug their own software because they can understand how the Windows code works.
Shared Source, though, has not only failed to help secure applications, it has been in place at a time when governments are increasingly adopting Linux and other open source software as either low-cost or more secure alternatives to Windows. Governments leading the charge include France, Germany, Norway, Peru and even certain US government departments.
Clearly aware that governments – which represent lucrative contracts for Microsoft – were unhappy with Microsoft’s efforts to-date, Mundie, now Microsoft’s chief technology officer, has again played the security card with GSP.
This… program will provide governments the opportunity to assess the security and integrity of the Microsoft products they deploy. In talking with Government customers we’ve been told that this is a key capability that they need.
First GSP customers are the Russian government and NATO, while Microsoft claimed an additional 20 have expressed interest.
Microsoft denied it risks losing government contracts to open source, or that the Trusted Computing Initiative had failed to re-assure these lucrative and influential customers. Salah Dandan, world-wide security program manager, said: I don’t think it’s the correct characterization to say the Trusted Computing Initiative hasn’t worked. It’s an ongoing initiative. It’s a journey.
However, Microsoft is definitely bending over a little further for governments than regular customers. Unlike Shared Source, GSP also makes available documentation and access to Microsoft individuals through visits to Microsoft’s campus. GSP is also available in 60 countries, compared to 30 for Shared Source Initiative.
Dandan said: Government is certainly an important market for Microsoft.
He added GSP is open to non-Microsoft customers, and governments using the program are not barred from using Linux or open source software and said the program is not related to any Microsoft sales pitches.
Under GSP, Windows code is downloaded from the web with access authenticated via a smart card. Code can be viewed only, and governments are not allowed to make derivatives.
Source: Computerwire
