The new Government Security Program (GSP) allows security-related organizations within national governments to review and modify security features in the source code for Windows desktop, server, and embedded operating systems (OSs). The program is a modest extension of the existing Government Source Licensing Program (GSLP), which allows government organizations to review Windows source code, but not to compile the source code with their own modifications. The GSP also expands the amount of source code that government organizations may review, although they must come to Microsoft’s campus to review the most sensitive code sections.

Aims of the New Program

The new program serves several purposes for Microsoft, positioning Windows better against Linux and other open-source OSs whose source code can be freely reviewed; encouraging governments to crack down on software piracy by limiting source code access to governments that have legal protections in place for intellectual property (Microsoft software accounts for a majority of the software pirated worldwide, according to the Business Software Association); and creating sales opportunities as government officials spend time at Redmond reviewing the way Windows is built and talking with Microsoft engineers.

Government interest in open-source software is a major concern for Microsoft because governments and their agencies set standards for the protection of intellectual property and are the largest users of IT products and services in many countries. Linux and open-source software have generally received favorable reviews from a European commission, and the U.S. National Security Agency recently released a special high-security version of Linux for use by government agencies.

The GSP will level the playing field somewhat by removing one Microsoft disadvantage—secret and proprietary code—compared with Linux. Although government agencies face more hurdles when attempting to review Microsoft’s source code than they do when looking at Linux, for which the entire source code can be downloaded at any time from the Internet, Microsoft can now claim that governments with any concerns about security weaknesses in its code can review that code.

Who Is Eligible?

Microsoft says it is willing to share source code with any government that makes sufficient commitments to protect intellectual property. Russia and China, two of the governments eligible for the GSP, have made moves in that direction in recent years, although software piracy rates in those countries remain high—the Business Software Alliance estimates that China (92% piracy rate) and Russia (87% piracy rate) have the second- and fifth-worst piracy rates in the world. So far, the North Atlantic Treaty Organization (NATO) and the Russian government have signed up for the GSP, and the company says that another 20 governments have expressed interest.

The GSP is available to only security-related agencies. Government agencies that want source-code access for other purposes (such as debugging custom applications) must sign up for the GSLP.

More information about Microsoft’s Shared Source initiative is available at www.microsoft.com/sharedsource. For further reading about Microsoft’s efforts to market its products to governments, see "Microsoft Courting Governments" on page 28 of the Dec. 2000 Update.