Microsoft and China Announce Government Security Program Agreement

Beijing, China, Feb. 28, 2003 — Representing the China government, the China Information Technology Security Certification Center (CNITSEC) signed an agreement with Microsoft at the State Development & Planning Commission (SDPC) office to participate in the recently announced Government Security Program (GSP). Mr. Wang Chunzheng, Vice Chairman of the SDPC presided over the signing ceremony. Microsoft Chairman and Chief Software Architect Bill Gates briefed Chinese President Jiang Zemin on the GSP agreement signed between the two parties during todays reception of Mr. Gates by the President.

The GSP is a global initiative that provides national governments with controlled access to Microsoft Windows source code and other technical information they need to be confident in the security of the Windows platform. The China Government is one of the first governments around the globe to sign the agreement. Russia, the North Atlantic Treaty Organization and the United Kingdom announced GSP agreements with Microsoft last month. Microsoft is in discussions with more than 30 countries, territories and organizations about their interest in the program. The signing of the GSP is also a deliverable of the Memorandum of Understanding “On Strengthening Software Industry Cooperation” Microsoft signed with SDPC June 2002.

The CNITSEC was authorized by SDPC to sign the GSP with Microsoft. Dr. Wu ShiZhong, Director of the CNITSEC reaffirmed that information technology security as part of the process of information transfer was a key issue for the government.
“Microsofts GSP provides us with the controlled access to source code and technical information in an appropriate way. It also establishes cooperation between China and Microsoft. Microsoft has taken a great step forward to let us understand its product security.”

The Government Security Program is tailored to the specialized security requirements of governments. The program is a no-fee initiative that provides program participants the ability to review Windows source code using a smart-card-based secure online access and subject to certain license restrictions. Under the GSP master agreement, the government agency can also authorize the sponsored agencies to undertake research projects in the field of information security. In addition to source access, the GSP provides for the disclosure of technical information about the Windows platform, enhancing governments ability to build and deploy computing infrastructures with strong security technologies in place. The program also promotes increased communication and collaboration between Microsoft security professionals and program participants, providing opportunities to visit Microsoft development facilities in Redmond, Wash.; review various aspects of Windows source-code development, testing and deployment processes; discuss existing and potential projects with Microsoft security experts, and generally interact with and provide feedback directly to Microsoft staff.

Microsoft’s Gates said:
“As part of Microsoft’s commitment to creating a Trustworthy Computing environment, we are pleased to have signed this agreement. As a government trusted partner, we are committed to providing the Chinese government with information that will help them deploy and maintain secure computing infrastructures. We see this agreement as a significant step forward in Microsoft’s relations with the Chinese government.”

The Government Security Program is a crucial element of Microsofts efforts to address the unique requirements of governments around the world. In 2001, Microsoft launched the Shared Source Initiative, expanding its long-standing efforts to make Windows source code more transparent to trusted partners and customers. In 2002, the company announced its Trustworthy Computing initiative, placing security at the core of all Windows development efforts.

The Government Security Program also supports and builds on the Common Criteria (CC) certification. Windows 2000 achieved CC certification — a globally accepted, independent standard for evaluating the security features and capabilities of information technology products — last October for the broadest set of real-world scenarios yet achieved by any operating system as defined by the Common Criteria for Information Technology Security Evaluation (CCITSE). Whereas the CC certification provides a common set of requirements that enables customers worldwide to objectively evaluate the security functions of IT products and systems, the GSP takes this a step further by providing national governments with the information they need to conduct robust security analyses and audits of Microsofts Windows products.

Founded in 1975, Microsoft (Nasdaq
“MSFT”
) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software — any time, any place and on any device.

Microsoft and Windows either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp .