- Sat 18 January 2003
- technology
- Gaige B. Paulsen
OK,
I could be wrong here on this issue, but it seems to me that Microsoft has missed the point with their announcement this week that they will allow national governments access to their source code for the purpose of security audits.
I'll admit that I may not be a known security specialist, but under most circumstances the most highly secure systems are those that have the highest level of auditing. Hence, auditing like that done at a source code level for encryption technologies and techniques, such as DES, Blowfish etc. is what helps to make certain these technologies actually work.
Microsoft's initiative allows national governments to go to Redmond and meet with Microsoft people for 2 weeks and get access to limited portions of the source code. With this, they are supposed to figure out if the huge operating system is secure and safe for use in government systems. Remembering back to 1987, when I spent a few weeks working on a B2 secure UNIX project, this level of access is certainly not sufficient for any substantial research or certification.