Microsoft decision to let governments review Windows code gets mixed reactions

Microsoft's announcement earlier this week that it would allow governments and international organisations access to the source code of its Windows operating system is more about marketing than security, industry experts have claimed.

The software giant said its Government Security Programme (GSP) would provide free access to the source code and other technical information governments need to conduct "robust security reviews" of Microsoft products.

Russia and the North Atlantic Treaty Organisation (NATO) have already signed up for GSP and Microsoft said it was in talks with 20 more countries.

However, Microsoft has imposed strict limits on what government users can do. They will not be allowed to compile, redistribute or modify the code.

Not being able to compile the code makes Microsoft's offer more air than substance, said DK Matai, chief executive officer of security intelligence company mi2g.

"If the governments can't compile the product, the GSP has more of a psychological assurance angle rather than offering the capability that comes through Linux or BSD-based solutions."

An initial verdict on the initiative by Gartner Group analyst John Pescatore was more positive. "By allowing government clients to see its source code, Microsoft will enable them to identify potential software vulnerabilities faster."

However, Pescatore said real security benefits would depend on Microsoft providing timely fixes for vulnerabilities discovered.

"Although demonstrating that back doors do not exist is a major goal for Microsoft, if Microsoft doesn't face sufficient pressure for timely fixes for discovered vulnerabilities, sharing source code will only have a minimal impact."

The announcement came as Microsoft faces a growing battle against open-source software, primarily the Linux operating system, in the government market.

The GSP is recognition by Microsoft that open source is beginning to harm sales of its products to the public sector.

mi2g's Matai said the GSP decision is "motivated to stop the faltering of sales to the government sector".

Forrester Research analyst Laura Koetzle agreed. "Microsoft is not very happy with many national governments adopting policies favouring open-source software. This programme is to solve that public relations problem to some degree."
