Microsoft has opened up most
of its Windows source code to its group of dedicated volunteers.
The move to allow the software giant’s Most Valuable
Professionals (MVPs) to view and reference large portions of the Windows
2000/XP and Windows Server 2003 operating systems may come as a surprise to
some, but Microsoft officials argue its necessary.
“Fundamentally, the idea of source licensing is built upon a trust
relationship,” said Jason Matusow, director of Microsoft’s Shared Source
Initiative (SSI). “By having transparency to greater than 1,000 engineers,
that increases trust in the system at a basic level.”
It’s the expansion of an MVP Source Licensing Program first launched in
October 2003, when officials made the source code available to the 175 MVPs
who worked specifically on Windows-related technical issues. Today there
are more than 2,700 MVPs worldwide who work in different “competencies,”
ranging from Microsoft’s XBox console gaming platform to embedded and mobile
devices.
According to Microsoft officials, the program is only available to MVP’s
living in 27 countries; the others are restricted because of their
government’s “laws, practices, enforcement and attitudes toward intellectual
property,” according to the program’s FAQ page. In all, some 2,187 MVPs are
eligible to access the source code.
Microsoft’s
Windows OS
desktop PCs and is the victim of scores of malware programs yearly.
Until recent years, the company has kept its source code close to the vest.
That changed with the Shared Source Initiative (SSI), which let academic
institutions then business partners, OEMs
Until October 2003, the only people looking at the code were members of a
large organization that would face severe financial penalties for
intentionally leaking source code to the world. MVPs on the other hand are
individual volunteers who have distinguished themselves by devoting hours of
their free time aiding Windows users on Microsoft’s many online support
forums.
MVPs don’t seem to be unduly obligated or restricted from honoring the
Shared Source Initiative’s (SSI) licensing agreement. On the company’s MVP
Source Licensing Program Web site, members may read and reference the source
code but may not create derivative works for other software programs or
modify the code. But outside of signing the Master Source Code Agreement
and License Form, users are given only this warning about leaking the code
to all points of the Internet: “In exchange for obtaining access to one of
Microsoft’s most valuable assets, Microsoft requests that the MVP respects
confidentiality of the intellectual property,” the site reads.
Matusow said the warning is found on every source licensing page, not just
for MVPs, and is worded in this fashion on the assumption of trust. So far,
the gambit is paying off.
According to Matusow, there hasn’t been one
incident of its SSI code being leaked to the Internet since the program
began. In addition to the Windows code, Microsoft has opened the code of
its ASP.NET, Visual Studio .NET, Windows CE .NET, Windows CE 5.0, Windows
Installer XML (WiX) and Windows Template Library (WTL).
Clearly, though, Microsoft is taking precautions to ensure its code isn’t
inadvertently swiped. Earlier this year, Microsoft officials confirmed the
illegal
leak of Windows NT and Windows 2000 source code to online forums and
peer-to-peer networks around the world.
It created an uproar in developer
community, though the leak was traced back to an unsecure machine at Mainsoft. The chairman of the software company, Mike Gullard, said it has had a
“unique” licensing program with Microsoft since 1994, long before the advent
of the SSI.
SSI licensees don’t download the source code onto their machines. Instead,
they log into a secure site, the Code Center Premium site, using a smart
card and access the parts of the code they need to reference. Matusow said
the indexing is quite robust, allowing users to perform searches by
function, rather than keyword, allowing for quick retrieval.
Debugging is handled through the WinDgb-Debugger, which lets programmers
compile code they’re using for application development and filling in the
necessary Windows code from the secure site. Code never physically resides
on the user’s system, though the user can print out portions.