We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Government gets access to Microsoft source code

Security agencies allowed to tinker with Windows to ensure safety of software systems

The government has agreed to participate in Microsoft's GSP (government security program), which provides it with access to Windows source code in an effort to ensure its systems are safe.

The program gives the security community in the government controlled access to the code and other technical information.

Andrew Pinder, head of the government unit that looks after IT security signed the agreement and in a Cabinet Office statement Friday, he said the government would benefit from a clearer view of the security design of Microsoft products and the opportunity to influence future products.

Governments that join the GSP will be given smartcards that allow authorised staff to view the code over a secure channel. They will have access to both the source code and to Microsoft's cryptographic code and a cryptographic development kit.

Government departments will be allowed to alter the code, but only to evaluate any vulnerabilities, said Microsoft's Stuart Okin. They will not be allowed to package or distribute the altered code. Instead, they can take it to Microsoft and "we would take that under advisement," he said.

Government agencies can simulate threats and assess vulnerabilities in addition to inspecting the code line by line. They also are invited to work with Microsoft security professionals in the UK as well as the company's hometown of Redmond. They will be able to review Windows source code development, testing and deployment processes and give feedback directly to Microsoft.

Asked how the government can be sure it is seeing the true source code, Cabinet Office spokeswoman Kathryn Fisher said the government has "entered the agreement on a basis of trust."

The agreement will allow the government to influence the design of future products, Fisher said, by going back to Microsoft with suggested modifications.

Two units will use the source code: the Central Sponsor for Information Assurance, within the Cabinet Office, which is run by Pinder, and the Communications and Electronics Security Group IT security group within the Government Communications Headquarters, Fisher said.

Microsoft views any government that uses its software as a trusted partner, and the GSP allows governments to assess the security and integrity of its products. But, Okin qualified that by saying only those governments with a minimum level of intellectual property laws would be accepted. "We think there are 60 or so governments that qualify," he said.

IDG UK Sites

Apple promises developers better stability, performance for Swift

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...