Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Windows source code leaked?

From: Dave Farber <dave () farber net>
Date: Fri, 13 Feb 2004 06:29:45 -0500

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Thu, 12 Feb 2004 17:25:32 -0800 (PST)
From: Joseph Lorenzo Hall <jhall () SIMS Berkeley EDU>
Subject: Windows source code leaked?
To: Dave Farber <dave () farber net>, Declan McCullagh <declan () well com>

(from Ed Felten's blog "Freedom to Tinker")

http://www.freedom-to-tinker.com/archives/000517.html

Windows Source Code Leaked?

Neowin is reporting that the source code for Windows 2000 and Windows
NT4 has been leaked to the Internet. I haven't looked at the code, and
I won't, so I can't tell you whether the report is accurate. But based
on the fragmentary information available, it appears more likely than
not that the leak is real. If there was a leak, what are the
consequences?

First, whoever leaked the code is obviously in big trouble. And
Microsoft might respond by reducing the number of people who get to
see the code, a number that had been increasing lately. In fact, a
leak is not too surprising given how widely Microsoft distributed the
source code.

Second, the leak will do some damage to the security of Windows
machines, but it's not clear how much. There's a longstanding debate
about the security implications of open source development. Source
code access makes it easier to find security bugs. With open source,
you make it easier for honest outsiders to find bugs, which is good,
but you also make it easier for malicious outsiders to find bugs,
which is bad. This kind of leak give us the worst of both worlds:
honest outsiders will avoid looking at the stolen code, while
malicious outsiders use the code; so you get the security drawbacks of
open source without the security benefits. This will only matter,
though, if the bad guys would otherwise have trouble finding bugs,
which may not be the case.



-----------------------------------------------------------------
Joseph Lorenzo Hall                    http://pobox.com/~joehall/
Graduate Student             blog: http://pobox.com/~joehall/nqb/

"The potency of cheap wine and cheap music should never be
underestimated." --Cole Porter, as quoted by John Nova Lomax in:
http://www.houstonpress.com/issues/2004-01-08/racket.html/1/index.html

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: