LONDON, Jan. 31, 2003 — The United Kingdom Government has today signed an agreement with Microsoft to participate in the recently announced Government Security Program (GSP). The GSP will give the security community within the U.K. Government controlled access to Microsoft® Windows®
source code and other technical information needed to be confident in the enhanced security features of the Windows platform. The U.K. Government is one of the first governments around the globe to sign the agreement, which builds upon work done with Microsoft on projects over many years.
This agreement is the first to be signed with all of the appropriate agencies of a national government, in order to support their service to the rest of the government; in the evaluation, assessment and assurance of security on IT platforms. Through their access to Microsoft source code, these agencies will not only be able to inspect the code line-by-line, but also to simulate threats and assess vulnerabilities. This depth of understanding will enable them to take action and provide Microsoft with the appropriate information to assure the security and trustworthiness of the Microsoft Windows platform. In addition to code access, the agencies are invited to work with Microsoft security professionals, both in the U.K. and at Microsoft development facilities in Redmond, Wash., to review various aspects of Windows source-code development, testing and deployment processes; discuss existing and potential projects with Microsoft security experts; and generally interact with and provide feedback directly to Microsoft staff.
The GSP builds upon Microsoft’s drive to provide best value products and services to the U.K. Government, to establish a trust relationship in the sensitive and critical area of security. This no-fee program gives U.K. Government unprecedented access to Microsoft resources and asks only for information exchange, at the agencies’ discretion, in return.
The Government Security Program is a crucial element of Microsoft’s efforts to address the unique requirements of governments around the world. In 2001, Microsoft launched the Shared Source Initiative, expanding its long-standing efforts to make Windows source code more transparent to trusted partners and customers. In 2002, the company announced its Trustworthy Computing initiative, placing security at the core of all Windows development efforts.
The Government Security Program also supports and builds on the Common Criteria (CC) certification. Windows 2000 achieved CC certification — a globally accepted, independent standard for evaluating the security features and capabilities of information technology products — in October 2002 for the broadest set of real-world scenarios yet achieved by any operating system, as defined by the Common Criteria for Information Technology Security Evaluation (CCITSE). Whereas the CC certification provides a common set of requirements that enables customers worldwide to objectively evaluate the security functions of IT products and systems, the GSP takes this a step further by providing national governments with the information they need to conduct robust security analyses and audits of Microsoft’s Windows products.
“At Microsoft, we view any Government around the globe that uses our software as a trusted partner,” said Craig Mundie, chief technology officer and senior vice president for advanced strategies and policy at Microsoft. “The U.K. Government is certainly no exception and we are delighted to have signed this agreement. Our Government Security Program will provide U.K. Government agencies with the opportunity to assess the security and integrity of the Microsoft products they deploy. In addition to source code access we are providing technical documentation, methods for troubleshooting, access to cryptographic tools subject to export controls and access to Microsoft expert support technicians who can collaborate with U.K. Government agencies on how they use this source code access.”
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software — any time, any place and on any device.
Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.