Network security has two sides: While you need to keep the wrong people out, you also have to let the right people in. To facilitate this, Microsoft has introduced the Shared Source Licensing Programs. These programs are designed to provide qualified organizations access to the Windows source code, while ensuring that code doesn’t go beyond the licensee and into unauthorized hands.

The product/service:
MSDN Code Center Premium is the product that Microsoft is offering to deliver the code as a service. This is an important concept because Microsoft doesn’t actually want to sell the code to anybody. They just want to make sure that the people who need information about it—be it raw code or debug symbols—can get it.

The Code Center works from within MSDN and Visual Studio .NET. You connect to, and view (read-only) the actual C code used to build Windows 2000, XP and .NET. You can even set breakpoints and analyze memory with debug symbols that are downloaded as needed.

Addressing open source:
While not embracing open source, this program addresses the open source issue as it relates to Microsoft’s business model. Making the source code available to the development community is open source’s strength because it marshals the efforts of a broad range of creative people. Not making it available to the community, as Microsoft has always done, ensures monopoly control and higher profits.

Now Microsoft has weathered a hailstorm of lawsuits challenging its business model—and forcing them to revise parts of it. The next logical step is for Microsoft to take the good parts of open source, while still holding on to its ability to profit from the code.

Proprietary, open source, or national treasure?
If you followed the last 10 years or so of lawsuits against Microsoft, you saw that some of them sought to have Microsoft release the source code to the Windows operating system. This is because some folks (like RealAudio and Netscape) were having a hard time making their software work right on Windows all the time. They often billed themselves as “Windows-Killers;” however, there was evidence that Microsoft was doing the killing by changing its code.

At the same time, the open source community was thumbing its nose at Microsoft because while it enjoyed the input from armies of developers, Microsoft had to shell out dollars for its developers. Notably, the open source business model doesn’t have the profitability that Microsoft’s proprietary business model enjoys. Still, by making the code to applications like Linux available to everybody who wanted to see it, it enjoyed a trustworthiness that still eluded many Microsoft offerings.

The fact that Windows faces export restrictions (and open source does not) gives Microsoft’s operating system the status of national treasure. As such, it is a serious blow to Microsoft to have to surrender its ownership of the technology, as so many civil suits have sought.

Security mechanism
In order to limit the extent to which the code gets distributed, there are several measures in place. It is kind of tricky to put stuff out on the wide-open Internet, and still keep the wrong people from getting at it. The mechanisms Microsoft uses are excellent models for folks who wish to implement their own national-security-level security.

One security measure is that the code center does not deliver any code that is not immediately needed. This is also a performance measure because it would really gum up a network to have the entire source code and symbols downloaded to developer stations. Additionally, when not used, the various downloaded symbols and code snippets are removed from the user’s workstation.

Another mechanism is the use of Smart Cards. When you subscribe to the code center, you receive a Smart Card and a reader to plug into your workstation. You sign on by using the card and the reader and a PIN you give yourself. The card contains encryption codes to ensure that communication with Microsoft occurs with the appropriate level of security.

Another mechanism is work center certification. Before an organization can be accepted into the program, they must have an IT infrastructure that is large enough, and has the appropriate levels of physical and logical security.

The whole scenario walks the line between socialism and capitalism—can anybody ever actually own anything? It gets even weirder when you consider the implications of intellectual property. Finally, in my opinion, this strategy is not some half-hearted attempt to appease the folks who want Microsoft to release its code. It is a full-fledged effort with nothing held back. All of the code is there—for Personal, Professional, Server, Advanced Server, and Datacenter versions; 2000, XP, and future versions; x86 and IA64; and all Beta and Service Releases.

Have your say

What do you think about Microsoft’s Shared Source Licensing Programs? Do they go far enough or is it just Windows dressing? Post your thoughts on the discussion board below.