Author: Chris Spencer
Analysts are already out with their flapping lips talking about how the source code could benefit Microsoft’s “rivals.” We in the Linux community know they are
talking about us.
The analysts have it all wrong though. They missed it completely. Open source projects can’t and would NEVER intentionally take advantage of this leak. This leak is as much a disaster to open source as it is to
Microsoft and its users.
The open source community lives in a glass box. We always show our source code and we accept help from anyone around the world to make our
projects better. As a result of this leak all projects that deal with Microsoft interoperability, such as WINE, Samba, and the Linux kernel, are going to need to be vigilant about someone slipping some tainted Microsoft source code into our projects.
We were always vulnerable to this problem but until now Microsoft couldn’t claim that we really could have done it on purpose. This shifts where the benefit of the doubt falls even though 99.999% of all Linux
advocates and developers would never use or even look at proprietary code.
This doesn’t benefit the open source community. All this does is help
people who want to spread viruses, spam, and other annoying and
destructive malware. Make no mistake, these things harm our community too, as
they tie up our networks and misappropriate our resources.
What happens next?
Microsoft is a fine and
upstanding company that has changed in the past few years. They no
longer exert monopoly forces on the software market or trying to
exploit anyone in any way. They are the pillar of what a proprietary
software company should be.
Because of this I know and have complete faith that Microsoft will not
attempt to put the genie back in the bottle and will instead make this
source code available for the publics good. I expect they are going to
make it available so that security experts around the world can aid them
at fixing the bugs that have been exposed. I know they are going to use
it as an opportunity to help with cross-platform compatibility issues.
Most importantly I know that they are going to use this problem as a
chance to give open source developers the opportunity to develop code
analysis tools so that we can check against their leaked source code and
make sure it doesn’t appear in our projects.
A responsible company like Microsoft is going to take these actions so
that in the future they don’t need to take open source projects to court
or worry about someone sneaking in some tainted code. Because I know
that Microsoft doesn’t want to use the law to stifle competition or cost
our open source projects grief in the future when they can end the
problem right now.
Category:
- Security
