This is pretty silly. Source code for Cisco and Microsoft products has been circulating since the dawn of the Internet. Meanwhile, Microsoft has some of the most meticulously reverse engineered code on the planet. People who want to illicitly mint zero days out of Microsoft products already have the tools to do so.
And therefore, the "rash of exploits" has already happened and is still ongoing. I think it's just so inconvenient/scary to most people to understand how much is hacked/hackable that they refuse to believe it.
In my opinion the smooth operation of our infrastructure relies less on its security than it does on the discretion of the hackers that have already compromised it.
tplacek's point isn't that source is worse than disassembler output, it's that governments already have and have had access to source for a while (by design, as Microsoft does provide source access to many customers, partners, etc.). The tooling to disassemble built versions and craft exploits has also existed for a long while.
If source access enabled a rash of zero days, that point in time would have come long in the past.
Nation state hackers with Microsoft source code 'oh my'.
Even commercial-wise I doubt it's much concern for making products. Source code doesn't equal a software business, every business knows that. Unless there's some unreleased AI source code sort of thing.
This is a genuine question (and a very tangential one that will hopefully not generate discontent): Has Microsoft ever explored the idea of open sourcing Windows? I don't know much about the proprietary side of software but it seems like Microsoft has been pivoting toward SaaS, Azure, etc. and with the inclusion of WSL it seems like Microsoft is less concerned about competition from other OS's in the traditional sense, or am I grossly underestimating how much licensing Windows earns Microsoft? Not advocating, I am just curious.
> Has Microsoft ever explored the idea of open sourcing Windows?
Good question. I have zero insight into the matter.
However, I have worked at a vendor when they decided to open source their code. It was a much smaller code base than what Windows probably is. It is quite a big effort. There can be all kinds of dirty stuff in the code that you need to clean up. Either for legal reasons because you have purchased the code many years ago, but you are not allowed to publish it. So you need to dig out old contracts and have legal to check what was written when nobody even remotely thought that you could ever open source. And there might be engineering reasons that some code is so bad that you can just not show it.
Wasn't there this story some years ago that Microsoft had some odd DLL in Windows(?) that they couldn't even rebuild themselves anymore, because it required a compiler that has gone out of support years ago? I don't remember the details, but I am sure a code base with the history and size of Windows has some dark spots. Unless someone can tell me convincingly that Microsoft nowadays has a CI that builds really everything from source in a fully reproducible manner. I guess if they do they would have proudly reported at a software conference about it. I am not aware that they would have done that, but I am not actively following that field.
I think at this point in time it's either breaking backwards compatibility (definitely not desired by Microsoft's engineers) or breaking license agreements on the parts of code not owned by Microsoft (definitely not desired by Microsoft's lawyers).
You're only reading half of my comment. The other half points out that people who don't care about the law have had access to high-level Microsoft source code for as long as there has been an Internet. Microsoft's trees circulate just like everyone else's.