Re: Microsoft opening its source to selected parties

[Dan Harkless <dan-bugtraq () DILVISH SPEED NET>]

Dirk Bhagat <dirk () HOSTOPIA COM> writes:
> > It is not well known, but Microsoft has given the source to universities
> > and research labs for some years now. There has been a web page at
> > research.microsoft.com concerning this matter and describing the
> > procedure to get the code. However, I'm not aware that this has led to a
> > significant increase in system security. I don't remember, whether it's
> > allowed for the researchers to talk about the code or about problems
> > with it.
>
> Here's the URL for the source-code licenses Tobias referred to. Although I
> didn't see any explicit mention of not being able to discuss the code in the
> open, it _does_ mention that licensees may share code with other licensees,
> etc.
>
> http://research.microsoft.com/programs/NTSrcLicInfo.asp

Wow.  Judging from:

    * Source is licensed to the requesting organization, not individuals to
      insure broad internal access.

    * No employment restrictions as the result of viewing or using the
      source.

and the huge list of licensees:

    http://research.microsoft.com/programs/ntsrclicensees.asp

I'd say it's virtually certain that some Microsoft exploits have been
developed with reference to the source.  If they're already this liberal
with the source they ought to just open it to the world.  Some bad guys
clearly already have access, so you might as well give access to _all_ the
good guys.

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.