Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Microsoft Government Security The Military

Microsoft Signs Renewed Cybersecurity Agreement With NATO 37

An anonymous reader writes: Microsoft and NATO have renewed a cybersecurity partnership. The agreement is part of Microsoft's Government Security Program (GSP) which allows worldwide federal bodies controlled access to Microsoft source code. PCWorld reports: "Since its inception, the GSP has grown to encompass a bunch of other types of information, especially over the past few years. With the new agreement, NATO will get controlled online access to source code for key Microsoft products including Windows and Office; information about Microsoft's cloud services, and intelligence about cybersecurity threats."
This discussion has been archived. No new comments can be posted.

Microsoft Signs Renewed Cybersecurity Agreement With NATO

Comments Filter:
  • by Anonymous Coward

    And that boys and girls is another example of why you should NEVER trust Microsoft or governments.

    • Re:SEE! (Score:4, Interesting)

      by NoZart ( 961808 ) on Tuesday September 15, 2015 @08:42AM (#50524383)

      But when i KNOW what an entity does, then i can trust in that and act accordingly.

      It's way worse when some entity does NOT disclose such behaviour.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Governments also have access to Linux source code, so I guess we shouldn't trust Linux either?

      • Re:SEE! (Score:4, Informative)

        by Bert64 ( 520050 ) <{bert} {at} {slashdot.firenzee.com}> on Tuesday September 15, 2015 @09:12AM (#50524551) Homepage

        The point is that we also have access to linux source code, so we're all on a level playing field.
        Closed source code is only available to select groups, and is also in the hands of blackhats. Legitimate security researchers have no access to it.

        • Legitimate security researchers have no access to it.

          Legitimate security researchers have no legal access to it. FTFY.

          • by Bert64 ( 520050 )

            That's the whole point, legitimate security researchers don't want to break the law...

            • No. The law is entirely orthogonal to the matter; an illegitimate security researcher would be looking to for vulnerabilities to exploit and a legitimate security researcher would be looking for vulnerabilities to patch.

              "Legitimate" != "legal"

    • Re:SEE! (Score:5, Informative)

      by Chrisq ( 894406 ) on Tuesday September 15, 2015 @08:47AM (#50524415)

      And that boys and girls is another example of why you should NEVER trust Microsoft or governments.

      I would be interested to see (if not classified) what the Nato recommended settings for Windows are. I have just taken the "free Windows 10" upgrade and took the "detailed" rather than the "quick settings" options and was amazed at the number of different data collection options I had to turn off. I say "had to", the truth is it probably doesn't matter, I dual boot and use Windowsa two or three time a year to run things like the update for my satnav

      • Re:SEE! (Score:4, Informative)

        by plcurechax ( 247883 ) on Tuesday September 15, 2015 @10:49AM (#50525043) Homepage

        I would be interested to see (if not classified) what the Nato recommended settings for Windows are.

        The US's NSA (with NIST - US National Institute of Standards and Technology) and Canada's CSE(C) (with the Treasury Board / Public Works) publish guidelines for civilian government security policies and recommendations on their public web sites. I believe other (counter-)intelligence agencies do the same as well.

      • Not all data collection has vile intentions. A lot of the data collected is used to understand user behavior or the sequence of events that lead to a failure. Some of the data collection is simply to do with the errors themselves.

        By default they leave it on because they want to improve their OS.

        The good thing is you have an option to opt out.

      • I can't help but to wonder how many of those switches are nothing but disconnected flickering UI elements.
    • Microsoft "security" is a perfect way for any government organization to waste public tax money. Of course, we could use the money to import more Syrian terrorists, but I'm sure that we can find the money somewhere to do that too.
  • by Anonymous Coward

    They allowed access to their source code and found exploits. Being ethical, they of course tried to fix them...

    And then I woke up... It was just a dream.

  • Viewing the source code means nothing here.

    The critical thing is: can they build that instance of the source code and use it in production ?

    If not, then this is just a PR exercise because you have no way of knowing that your production binaries are built from this instance of the source code.

    • by eibhear ( 307877 )

      Spot on.
      Microsoft could prove the value of the programme if it implemented something like the the Reproducible Builds project by Debian: https://wiki.debian.org/Reprod... [debian.org]
      'Course, that would probably be an openness too far for them...

    • They don't need to build it. They'll be able to analyze it for security issues and keep the 0-day exploits they find to themselves. And they'll get notified in advance when Microsoft spots the same issue, so they'll have time to switch tactics.
  • Dear NATO:

    In the interests of keeping our world safe, we hereby promise not to sell you any of our products. We do hope you appreciate the gesture.

    Sincerely yours,

    Microsoft

"The pyramid is opening!" "Which one?" "The one with the ever-widening hole in it!" -- The Firesign Theatre

Working...