[codetrotter]

Microsoft Windows is proprietary software yes, but they have something called the Shared Source Initiative.

> Through the Shared Source Initiative Microsoft licenses product source code to qualified customers, enterprises, governments, and partners for debugging and reference purposes.

https://www.microsoft.com/en-us/sharedsource/

I say this as someone who doesn’t like Windows and doesn’t run Windows. We still need to admit that Microsoft does indeed let others read the source code, only that they decide who gets to read it and not.

[squarefoot]

The problem is that it would be dangerous for any FOSS developer to be chosen among those who can see their sources for obvious legal reason. Anyone willing to be exposed to Microsoft's IP and NDAs that way is probably already so tied to them that we couldn't count on any independent security auditing and reporting without Microsoft authorizing it.

[coliveira]

The key question is: would they let people who want to find bugs? Because that is the point here, if you can read the software but not allowed to do an audit, it doesn't make any difference (for the issue that we're discussing).

[wutwutwutwut]

Can you clarify the distinction? They share the source code so that other people can do auditing, obviously. But what would be the scenario where you are allowed to read the code, but you're not allowed to look for issues? Have you ever seen that set up anywhere? It would not make any sense.

[codetrotter]

See for example the Enterprise Source Licensing Program page https://www.microsoft.com/en-us/sharedsource/enterprise-sour...

Allowed purposes for said licensing program includes “performing internal security audits of the Microsoft Windows operating system”.