Through Microsoft’s Government Security Program (GSP), the software giant has offered the Russian Federal Security Service (FSB) a look at the source code of Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server.
This is not the first time the company has taken such a step. In 2002, Microsoft shared source code with the FSB for Windows XP, Windows 2000 and Windows Server 2000. It also made similar deals with China in 2003 as well as in 2010.
Who Stands To Benefit
In the wake of the ongoing cyber warfare, GSP’s main benefit of “providing insight and a deeper understanding of Microsoft products” may easily turn into a great opportunity for discovering security flaws in the system. The program’s restriction states that “governments may read and reference the source code but may not modify it.” This contains a glaring loophole, as governments that access the source code may not only view it but can also influence modifications in the code, although indirectly. Powerful DIY source code analysis tools and the managed services offered by different companies are just some of the many means a government has at its disposal to execute this process and take advantage of any source code it has access to.
Taking into consideration all the geopolitical factors on an international scale, if either Russia or China manages to find a security flaw by having access to the source code offered to them by Microsoft for “national security reasons”, there’s very, very little probability that they will go public with it, as the cut-throat advantage from a cyber warfare/cyber intelligence point of view is unquestionable.
Expert analysts seem to agree on this. Although the sharing of source code doesn’t automatically result in the eradication of flaws, it may offer vital pieces for the puzzle that a particular country has already started building, putting it in the driver’s seat to find security flaws within Microsoft’s products, for defensive and, of course, offensive purposes.
Where Does Microsoft Go From Here
From a business point of view, nothing is more valuable than a government contract. This applies to Microsoft. They cannot afford to turn down a commercial deal with large, rapidly developing nations. But in order for this government contract to ever come to fruition, sometimes a company loses sight of the bigger picture – the geopolitical one – citing commercial gains, or plain and simple market sector growth strategies and opportunities.
Microsoft should not just offer a glance at the source code, but should demand and legally oblige those who have access to it for national security reasons to share back data on important bugs and potential security flaws, so that it becomes a win-win situation. But can Microsoft make such a deal come into effect? It can legally reserve the right to exclude countries that have been purposely fed insecure source code and opt not to report it. Maybe Microsoft does know what it is doing, and everyone sincerely hopes that it’s for the best.