Aussie government to see Microsoft source code

The Australian government is to gain access to the source code underlying Microsoft's Windows operating system, after signing an agreement with the software heavyweight in Canberra yesterday.

The open-ended agreement - announced today by Microsoft's chief security strategist, Scott Charney - follows more than eight months of negotiations with the federal Defence Signals Directorate, the agency which provides information security products and services to the Australian government and its defence forces.

The agreement falls within Microsoft's global Government Security Programme, an initiative announced earlier this year to address government concerns about the transparency and security of the operating system. Under the programme, governments are given controlled access to Windows source code and other technical information in a move the vendor says is designed to allow them "to be confident in the enhanced security features of the Windows platform".

Microsoft Australia officials confirmed that the agreement encompassed the areas outlined by the company's worldwide GSP programme manager, Salah DanDan, when he announced the programme in mid-January.

The agreement will enable Australian government officials to:

• View the source code for Windows 2000, XP, Server 2003 and CE • Use the code to build those versions of Windows • See Microsoft security documentation the company doesn't otherwise share • Visit Microsoft's headquarters and speak with its developers and perform their own tests on the code

The deal is a fillip for the software heavyweight, whose business has come under fire at Australian state and federal levels from politicians who seeking to make open source software the first choice for government departments and agencies.

One advantage that open source software has had over its proprietary counterpart is the fact the technology community can see exactly what is going on within the product.

However, Microsoft Australia officials played down any reference to the threat posed by open source, saying the GSP was forged in response to requests from governments for greater openness and transparency from the vendor.

The officials said the initiative would, in a post-September 11 and post-Bali bombing world, enhance dialogue between the government and Microsoft over the role of the vendor's products in areas of critical infrastructure, such as banking, electricity and telecommunications.

According to a statement from Microsoft, Charney said: "Microsoft recognises that, in the current global environment, matters ranging from national defence to protection of citizens' personal data, are top of mind.

"Governments have a unique and special role and they must place security at the forefront of their information technology requirements.

"The GSP enables stronger partnerships on IT security matters between Microsoft and our government customers and we are pleased that they have chosen to take up the benefits of the GSP".

Charney, who made the announcement at the Australian Defence Symposium today, told ZDNet Australia that the DSD, as the sponsoring agency, would organise access arrangements for other government agencies.

Tim Burmeister, the acting assistant secretary of information security for the DSD, is quoted as saying in the statement: "Information security is of utmost concern for government agencies and the GSP provides a very useful mechanism to have controlled access to Microsoft source code, technical documentation, cryptographic tools and expert support.

"This agreement represents an important step forward in addressing our IT security requirements".

Microsoft has to date signed up 12 members to the GSP, including Russia, NATO, China, Taiwan and the UK. Up to 35 other countries are evaluating the programme worldwide.

Iain Ferguson writes for ZDNet Australia

Stephen Shankland contributed to this report.