Closed Source — Who Dares Call It Treason?
The cat is out of the bag. During testimony
before a federal judge, Microsoft executive Jim Allchin has
admitted that some code critical to the security of Microsoft products
is so flawed it could not be safely disclosed to other developers or
the public.
Allchin was arguing against efforts by nine states and the District of
Columbia to impose antitrust remedies that would require Microsoft to
disclose its code. He constructed dire scenarios of U.S. national
security and the war against terrorism being compromised if such
disclosure were required.
Now turn this around. Allchin has testified under oath in a federal
court that software Microsoft knows to be fatally flawed is deployed
where it may cost American lives. We’d better hope that Allchin is
lying, invoking a “national security” threat he doesn’t actually
believe in to stave off a disclosure requirement. That would merely
be perjury, a familiar crime for Microsoft.
If Allchin is not committing perjury, matters are far worse — because
it means Microsoft has knowingly chosen to compromise national
security rather than alert users in the military to the danger its own
incompetence has created. Implied is that Microsoft has chosen not to
deploy a repaired version of the software before the tragedy Allchin
is predicting actually strikes. These acts would be willful
endangerment of our country’s front-line soldiers in wartime. That
is called treason, and carries the death penalty.
Perjury, or treason? Which is it, Mr. Allchin?
There is another message here: that security bugs, like cockroaches,
flourish in darkness. Experience shows that developers who know their
code will be open to third-party scrutiny program more carefully,
reducing the odds of security bugs. And had Microsoft’s source code
been exposed from the beginning, any vulnerabilities could have been
spotted and corrected before the software that they compromised became
so widely deployed that Allchin says they may now actually threaten
American lives.
Thus Mr. Allchin’s testimony is not merely a self-indictment of
Microsoft but of all non-open-source development for security-critical
software. As with many other issues, the legacy of 9/11 is to raise
the stakes and sharpen the questions. Dare we tolerate less than the
most effective software development practices when thousands more
lives might be at stake?
Closed source. Who dares call it treason?