koldfront

Inner source

🕢︎ - 2021-01-25

Apparently a big vendor of proprietary network, system and infrastructure software, SolarWinds, has been broken into, and Microsoft systems were - among others - compromised, giving the attackers access to Microsoft source code.

Not sure why it makes the news, as Microsoft source code seems to have been stolen and made public a number of times previously.

What is interesting is how the "Microsoft Security Response Center" explains that this breach was not a problem:

"At Microsoft, we have an inner source approach - the use of open source software development best practices and an open source-like culture - to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn't tied to elevation of risk," the MSRC said.

From Decipher's article "SolarWinds Attackers Accessed, But Did Not Modify, Microsoft Source Code" by Dennis Fisher.

We have heard a lot from Microsoft over the years, but "inner source", that's a new one!

Microsoft using "open source software development best practices" and "an open source-like culture". Whaat.
