March 18, 2004

Microsoft defines position on shared-source code

Author: Chris Preimesberger

SAN FRANCISCO -- Contrary to what many people believe, Microsoft Corp. has been sharing its Windows source code with certain people for about three years. The software giant, in fact, has 15 such programs from which partners can choose. And there is no revenue whatsoever going back to Microsoft as a result. So why is the company considered the arch-enemy of the open source world?

As you might imagine, there are a few strings attached. Shared source, which is the way the company shares code with its worldwide partners, isn't open source. There is no GPL, you can look at the code all you want but can't change it, and you certainly need to be a sanctioned Microsoft customer. Read the fine print in the documentation at the link above for the details.

Jason Matusow, manager of Microsoft's Shared Source Initiative, offered an explanation and answered some questions on the topic on the second day of the Open Source Business Conference on a summerlike Northern California day.

"Looking at it objectively, all open source development by companies is commercial development," Matusow said. "All this work isn't being done for charity. Take Red Hat, for instance. Call it support licensing if you want, but it's licensing that will generate a revenue share. SUSE clearly is a commercial play. MySQL is one of the most interesting open source business models: Clearly it has commercial intent and uses honest support from the open source community for that end."

Sleepycat Software, the little Berkeley, Calif. company which markets the highly successful BerkeleyDB, came to his attention next. "Sleepycat is also very interesting. Sleepycat employs only Sleepycat developers ... they do not take outside contributions. How open source is that? This is a hybrid (business) model, using a slightly different approach," Matusow said.

Matusow said he is seeing "a merge to the middle" in software development. "(Business) people are looking at open source not from emotional standpoint, but more from a business standpoint. They're looking to find what value might be inherent in open source for their companies, and that's fine, because it is a legitimate tool. But very few companies can run solely on open source, and we think few will in the future, too."

How can Microsoft benefit from the ideas behind open source? "Our strategic goals are built around integrated innovation ... that's a bet we've taken. Time will tell if it's a good bet; we think it's a reasonably good one," Matusow said.

Matusow said there's always going to be a need for proprietary professional help -- both for software itself and in how it is utilized.

"There is a good deal of posturing in open source. Customers keep modifying what they need, and they can lose track of what's actually their own creation. Companies generally do not have the intent to invest in infrastructure components ... they want to invest their dollars in their business applications, not in infrastructure. Integration costs don't go away, however; they're going to balance that cost with open source whenever possible."

Addressing a question about vendor lock-in, Matusow defined it as "a nefarious intent that a software vendor brings to the table, so that you will be shackled to the desk and cannot move. I ask you this: Do you think for one minute that Red Hat is not interested in getting a second sale from that customer? You're constantly seeking to increase the value for your customer's software set. Open source does provide flexiblility, that's a big advantage. But customers also want to continue to work with a company when they invest; they don't want to watch it go away."

This all boils down to the concept of transparency, Matusow said. "We did a survey of developers: Sixty percent said it's absolutely critical to see source code. Okay, fine. Then we asked them: Do you modify source code? Fewer than 5 percent said they modify it. They like to look and play with the toy, but not necessarily change the toy. It's like in the stock market; most people never read the entire prospectus before they buy; they trust that their broker knows what he's talking about and take his advice."

Has Microsoft chosen shared source over open source because it is a legal way for the company to entice developers to create new applications, yet retain control over all the resulting intellectual property? "Not necessarily," Matusow said. "We have programs in which our partners can have access to Windows code, modify it to their liking, and get to own the copyright on their modification ... if they want to dual-license it and put it into a Linux device, whatever, that's their right."

Matusow said Microsoft's shared-source licensing, called a "reference grant," supports its customers in a way they're comfortable with. "What gets shared becomes a factor," Matusow said. "You (as a company) have to decide which of your products is a core asset and what is a complementary asset. Identification of all of these clearly is critical."

How does Microsoft share its code? "We listen to our customers and find out how they want the source code. One vendor had everything on 8 CDs, which held about 1 million lines of code. It wasn't a very efficient delivery system. We helped them host it online, indexed the source base -- based on C++ function definitions -- and the delivery worked."

Asked if he thought open source applications were generally more secure because more eyes had vetted the code, Matusow said: "I challenge the idea that just because a project is open source that it's inherently more secure. Generally, you don't know if trained security experts are looking at the code. There is an element of trust involved that needs to be connected with a company.

"For example, Novell has 5,000 components they're putting together for their next release. The people they have handling that high-level security work -- none of that work is for free. They're all highly paid people."


  • Business
Click Here!