Open source, shared source or secret sauce?

Peter Judge: When Microsoft shared its code, only a few people wanted to look. Were the open-source people wrong all along?

Eighteen months ago, Microsoft opened up its source code to large organisations. After years of pressure from the open-source movement, it gave 2,300 companies the chance to see the innermost secrets of the Windows operating system. But, says Microsoft, only 150 wanted to look.

Shared source is a big PR win for Microsoft. If it flops, as with Windows, it can say its instinct to keep the code to itself was vindicated. "One of the great myths of open source is that everyone wants to look at source code," said Jason Matusow, shared source manager at Microsoft. "We have approached many hundreds (of companies), but most have turned us down. Most say 'we are manufacturers, we don't do source code -- that's your job', and others say they expect their systems integrators to deal with any source code issues."

And if it goes the other way -- for example, a popular initiative to share some source code for Windows CE -- Microsoft still comes up smelling of roses. The company is seen to have responded to a real demand.

All well and good. Microsoft is entitled to draw its own conclusions from its shared source initiative, and it has the political skill to make capital out of it.

But in the long term, there are lots more things to be said. In the end, the open-source community will thank Microsoft for pushing the debate on. Let's face it, the polarisation of the debate can get pretty sterile -- it's all too easy to apply the usual clichés of Open-Source-Good and Microsoft-Evil.

The Shared Source Initiative lets certain users see 90 percent of the code in Windows -- accessing it from a server in Redmond, protected by smart-card security. To qualify, you have to be a large systems integrator, a government, a university, or a business with more than 1500 Windows users under Microsoft's Enterprise Agreement licence scheme.

It's not an open-source licence by any stretch. Users can't modify the code and create their own products based on it, as with the Linux open-source licences -- frankly, it's hard to see Microsoft ever thinking that would be a good idea. The company keeps 10 percent of the code to itself -- this contains code belonging to third parties, cryptographic information and company competitive code. Again, that makes sense for Microsoft.

But, within those limits, the scheme does give some developers the benefits of seeing Microsoft's source code. In so doing, it chips away at the benefits the open-source community claims for itself. And this should help us focus on what is really good and bad about each scheme.

Firstly, the old (and somewhat dated) charge that Microsoft's application developers benefit from undocumented APIs their competitors don't know about will be less easy to make in future.

Secondly, it draws attention to the fact that Microsoft really does have an enthusiastic grassroots developer community around at least some of its products. When Microsoft put up a chunk of Windows CE source code on its Web site, it was downloaded 128,000 times -- and the community for embedded systems development is only 300,000 strong, says Matusow.

This initiative only opens up 45 percent of the source, but it is open to anyone, and it allows you to redistribute derivative code -- for non-commercial use. Given the excitement around mobile systems, the popularity is no surprise. Similarly 35,000 people looked at the source for the CLI (common language interface) of Microsoft's .Net Web services environment.

Enthusiasm in these "cool" areas shows that open source is not the only way to build grassroots support. If you like, Microsoft is building a bazaar in its cathedral, to unpick Eric Raymond's memorable phrase.

The fact of this initiative will also change the game when future bugs and weaknesses get uncovered. Many eyes check open source, the argument goes. In open source, bugs come into the open and aren't hidden.

Already Microsoft is geared up with one counter-argument. Every marketing manager from Redmond can trot out a list of bugs in open-source programs -- the current favourite being the flaw that lurked in the Kerberos open-source security system for ten years. Many eyes did not spot that one, says Microsoft.

Now there's another argument. Many eyes will be looking at Microsoft products, and this shows Microsoft is not relying on security through obscurity, says Matusow. Microsoft won't be keeping its bugs to itself, he says, in the hope that no one will notice them, as it has been accused of doing in the past.

As always, it's a consummate marketing move. But at the same time, it looks very much as if Microsoft is genuinely learning something from the open-source movement. Is it possible that both communities may gain from this?

To have your say online click on TalkBack and go to the ZDNet UK forums.