RealTime IT News

Microsoft Shares Source Code With MVPs

Microsoft has opened up most of its Windows source code to its group of dedicated volunteers.

The move to allow the software giant's Most Valuable Professionals (MVPs) to view and reference large portions of the Windows 2000/XP and Windows Server 2003 operating systems may come as a surprise to some, but Microsoft officials argue its necessary.

"Fundamentally, the idea of source licensing is built upon a trust relationship," said Jason Matusow, director of Microsoft's Shared Source Initiative (SSI). "By having transparency to greater than 1,000 engineers, that increases trust in the system at a basic level."

It's the expansion of an MVP Source Licensing Program first launched in October 2003, when officials made the source code available to the 175 MVPs who worked specifically on Windows-related technical issues. Today there are more than 2,700 MVPs worldwide who work in different "competencies," ranging from Microsoft's XBox console gaming platform to embedded and mobile devices.

According to Microsoft officials, the program is only available to MVP's living in 27 countries; the others are restricted because of their government's "laws, practices, enforcement and attitudes toward intellectual property," according to the program's FAQ page. In all, some 2,187 MVPs are eligible to access the source code.

Microsoft's Windows OS is used on more than 90 percent of desktop PCs and is the victim of scores of malware programs yearly.

Until recent years, the company has kept its source code close to the vest. That changed with the Shared Source Initiative (SSI), which let academic institutions then business partners, OEMs and government agencies take a peek under the Windows hood.

Until October 2003, the only people looking at the code were members of a large organization that would face severe financial penalties for intentionally leaking source code to the world. MVPs on the other hand are individual volunteers who have distinguished themselves by devoting hours of their free time aiding Windows users on Microsoft's many online support forums.

MVPs don't seem to be unduly obligated or restricted from honoring the Shared Source Initiative's (SSI) licensing agreement. On the company's MVP Source Licensing Program Web site, members may read and reference the source code but may not create derivative works for other software programs or modify the code. But outside of signing the Master Source Code Agreement and License Form, users are given only this warning about leaking the code to all points of the Internet: "In exchange for obtaining access to one of Microsoft's most valuable assets, Microsoft requests that the MVP respects confidentiality of the intellectual property," the site reads.

Matusow said the warning is found on every source licensing page, not just for MVPs, and is worded in this fashion on the assumption of trust. So far, the gambit is paying off. According to Matusow, there hasn't been one incident of its SSI code being leaked to the Internet since the program began. In addition to the Windows code, Microsoft has opened the code of its ASP.NET, Visual Studio .NET, Windows CE .NET, Windows CE 5.0, Windows Installer XML (WiX) and Windows Template Library (WTL).

Clearly, though, Microsoft is taking precautions to ensure its code isn't inadvertently swiped. Earlier this year, Microsoft officials confirmed the illegal leak of Windows NT and Windows 2000 source code to online forums and peer-to-peer networks around the world.

It created an uproar in developer community, though the leak was traced back to an unsecure machine at Mainsoft. The chairman of the software company, Mike Gullard, said it has had a "unique" licensing program with Microsoft since 1994, long before the advent of the SSI.

SSI licensees don't download the source code onto their machines. Instead, they log into a secure site, the Code Center Premium site, using a smart card and access the parts of the code they need to reference. Matusow said the indexing is quite robust, allowing users to perform searches by function, rather than keyword, allowing for quick retrieval.

Debugging is handled through the WinDgb-Debugger, which lets programmers compile code they're using for application development and filling in the necessary Windows code from the secure site. Code never physically resides on the user's system, though the user can print out portions.