September 29th, 2003, 10:54 PM
China puts Windows to the test
A lab to study the Microsoft Windows operating system source code was set up last week in Beijing, China.
Called the Source Code Browsing Lab, it is part of the existing government-run software site, the China Testing and Certification Center for Information Security Products, according a report in the People's Daily.
Microsoft is the first commercial software company that has signed an operating system source code browsing agreement with the Chinese government, said the report, hinting that the lab is also open to other commercial software companies who wish to have their products certified for security.
The report stressed the need for checking Windows source code for security loopholes especially in the light of recent hacker attacks.
However, previous reports have said that the need to search for back doors installed by national intelligence agencies is also among the aims of the agreement.
China, a potentially huge market for Microsoft once the problem of software piracy is solved, has seen whole-hearted government support open source operating systems such as Linux, causing the firm to draw up policies to develop closer ties with officials and to open up the Windows source code for inspection.
In February, the government-run China Information Technology Security Certification Center (CNITSEC) signed an agreement with Microsoft to participate in Microsoft's Government Security Program (GSP).
The GSP plan will share the source code underlying its Windows operating system with several international governments, a move designed to address concerns about the security of the OS.
Microsoft has announced GSP agreements with Russia, NATO and the United Kingdom. The firm is in discussions with more than 30 countries, territories and organizations regarding their interest in the program.
AntiOnline Quick Forum Version 2b Click Here
September 30th, 2003, 01:15 AM
When oh when will people realize that source audits for security are very ineffective? Look at OpenBSD for example, they undergo all kinds of auditing and all it proves is that their system enforces a flawed security policy with relatively few bugs. Such is the symptom of allowing programmers to design. *sigh*