This week another New York Times scoop reported that Microsoft is giving up on its "Persona" project, formerly known as "Hailstorm." Unveiled last year with massive fanfare, "Hailstorm" was to provide a centralized, Microsoft-managed hub for users to access personal services of all kinds on the Net.

But apparently Microsoft was unable to convince other companies to adopt it as a trusted middleman. "After nine months of intense effort," the Times' John Markoff reports, "the company was unable to find any partner willing to commit itself to the program" -- an extraordinary rebuff. With no third-party services on tap to offer users of Persona/Hailstorm, Microsoft decided to abandon the project -- though its underlying .Net technology remains the heart of the company's push to build a new generation of Internet services.

Trust is hard to win and easy to squander. Though Microsoft remains the software industry's 800-pound gorilla, it cannot achieve its goals alone. And on several different fronts today, Microsoft has lost valuable credibility. The collapse of Hailstorm suggests the toll five years of antitrust conflict have taken on Microsoft's ability to work with other companies; too many potential partners simply distrust the intentions of Gates, Ballmer and company. Meanwhile, the Gates-driven push for "trustworthy computing" indicates just how furious Microsoft's corporate clients became over the past year as they watched important business systems brought to their knees because Microsoft's code was insufficiently mischief-proof.

The question now is, can Microsoft effectively tighten up its products -- and win back corporate America's trust -- by throwing enough "man-years" at security reviews? To the folks at Microsoft, the answer is, of course! They feel they have the smartest gang of coders in the world, and if they put their heads to it, they can do anything. Their problem, according to this thinking, was just that they'd been too busy serving up exciting new features to their customers -- too focused on innovation -- to worry about security. Now that they're properly worried, they'll do the job right.

Microsoft is legendarily able to evolve and adapt to changing technology landscapes -- most famously in its reorienting of its entire product line toward the Internet after Gates' famous "Pearl Harbor Day" speech in 1995 -- and it would be foolish to dismiss its efforts or predict its failure.

But in this case, the open-source world's critique of Microsoft's methodology requires more than braggadocio to counter. Open-source developers believe that their software ultimately proves less virus-prone and more trustworthy than most commercial software because the code is not kept under lock and key but rather made available for any developer to examine at any time. Any program in wide use -- Microsoft or open source -- is exposed over time to an almost infinite range of stresses and violations; the open source methodology means that developers can quickly see what's wrong and fix problems as they arise, rather than wait for headquarters to issue bug patches.

Roy Fielding, a Web pioneer who helped create the Apache Web server used by the majority of publicly accessible Web sites (it's serving the page you're reading) and is now chairman of the Apache Software Foundation, points out that one root of Microsoft's security woes lies in its development process itself -- which "encourages individuals to make large changes to the products under deadline pressure, without adequate peer review of every single change at the time it is made." Open source works differently: "Every change that is made to the Apache code bases is ... posted to a mailing list where any person who wants to review changes can do so, in public, and the first person who identifies a potential security problem in a change is given instant credibility within the community."

In this view, the total number of "man-years" of security code review is largely irrelevant. No matter how smart Microsoft's developers may be, they are all part of one company's culture, and the odds are good that no matter how many hours they spend improving their code, they will not collectively be able to imagine all the myriad ways the entire universe of computer users -- and mischief-makers -- will attempt to break it.

Fielding says that Lipner's "more man-years" claim is "absolute crap. They probably spent more money on it, but he is misdirecting the public based on the theory that there are fewer open source developers per project than there are people per project within Microsoft. Open source developers are only a small subset of the people who do security reviews of open source code. Most open source security reviews are done by the hackers and security consultants that make a living from finding (and sometimes exploiting) security holes. They have a very strong incentive for publishing their findings."

The open-source model, in other words, allows for a kind of global stress-testing, peer review and transparent repair that Microsoft can never guarantee. Since its code is proprietary, you can only take Microsoft's word that it has fixed bugs and plugged security holes. And the next time a rogue virus takes down your company's e-mail server, all you can do is curse -- and wait for the company to issue a fix.

Today, with the software industry a linchpin of the global economy, we tend to think of open source as a radical new challenge to the Microsoft-style norm. So it's useful, in looking back at a classic like Brooks' "Mythical Man-Month," to be reminded that -- in the days before Gates and company built their empire on operating-system software -- open source was once considered simple common sense.

In Brooks' day, a program had no general value -- was not considered a true "programming product," in Brooks' words -- unless it could be "run, tested, repaired, and extended by anybody." (The italics are mine.) Such programming "products" require "thorough documentation, so that anyone may use it, fix it, and extend it." To Brooks, and many other software experts of his era, if the programmer hadn't enabled anyone to fix or extend his work, he hadn't finished his job.

Microsoft takes a different view -- always has. With its vast resources, Microsoft can afford more "man-years" than anyone else on earth. But can it rewrite principles of the software business first identified nearly 30 years ago?

The answer will become plain as the results of the "trustworthy computing" project emerge. If the torrent of security gaffes in Microsoft products vanishes, we can applaud Redmond's intrepid troops. But if we're still battling the spawn of the NIMDA and Code Red worms in a year or two, it's time to stop trusting Bill Gates for good.

Recent Stories