[19617] in bugtraq
Re: Microsoft opening its source to selected parties
daemon@ATHENA.MIT.EDU (Dan Harkless)
Tue Mar 13 02:50:53 2001
Message-ID: <200103130200.SAA26840@dilvish.speed.net>
Date: Mon, 12 Mar 2001 18:00:17 -0800
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Dirk Bhagat <dirk@HOSTOPIA.COM> of "Sat, 10 Mar 2001
11:09:43 EST." <20010310110943.A25498@horizon.bluegenesis.com>
Dirk Bhagat <dirk@HOSTOPIA.COM> writes:
> > It is not well known, but Microsoft has given the source to universities
> > and research labs for some years now. There has been a web page at
> > research.microsoft.com concerning this matter and describing the
> > procedure to get the code. However, I'm not aware that this has led to a
> > significant increase in system security. I don't remember, whether it's
> > allowed for the researchers to talk about the code or about problems
> > with it.
>
> Here's the URL for the source-code licenses Tobias referred to. Although I
> didn't see any explicit mention of not being able to discuss the code in the
> open, it _does_ mention that licensees may share code with other licensees,
> etc.
>
> http://research.microsoft.com/programs/NTSrcLicInfo.asp
Wow. Judging from:
* Source is licensed to the requesting organization, not individuals to
insure broad internal access.
* No employment restrictions as the result of viewing or using the
source.
and the huge list of licensees:
http://research.microsoft.com/programs/ntsrclicensees.asp
I'd say it's virtually certain that some Microsoft exploits have been
developed with reference to the source. If they're already this liberal
with the source they ought to just open it to the world. Some bad guys
clearly already have access, so you might as well give access to _all_ the
good guys.
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
