by ocdtrekkie 2750 days ago
This is commonly suggested and I don't even think from a business revenue standpoint it would be a big deal for them. The biggest issue is that it is a 20-year code base with 20-year-old bugs and open sourcing the whole thing would immediately generate open season on Windows boxes from a security standpoint.

You'll see Microsoft open source new things as they go, and probably smaller components as they rework them, but I doubt you'll ever see a truly fully open source Windows, just because of the amount of work involved.

2 comments

Security researchers don't strictly need sources. An experienced reverse-engineer could read asm like you would read C. So for some people Windows has been open sourced in some way for a long time. They don't apply obfuscation techniques. I don't think that there will be a lot of bad bugs.
A very good point. But if that were the only impediment, I suspect Microsoft could come up with a rollout plan to mitigate (though not completely eliminate) this problem. Releasing a "preview" of the kernel source to trusted security researchers and academics might be a start.
Believe it or not, trusted security researchers and academics already can request parts of the Windows source code, under non-disclosure agreements, of course.

But it's one of the largest codebases in the world, AFAIK, and it's immensely complicated. It's hard to quantify just how much work would need to be done to verify it was even marginally safe for release. And there's tons of licensing-related issues as well, as far as where Microsoft may have gotten some of the code inside Windows.

It's not impossible, but it's a big gamble, and Microsoft is not a company that gambles big. It's not really in their culture to do what you're suggesting. I would be thrilled if they did, but I'd be jaw-droppingly shocked if it did.

I think that underestimates how truly difficult it would be. How many machines are out there in the world still running NT4? Identifying bugs is all well and good but ensuring the fixes go where they're needed... that would be a whole lot more work.