Last week something very interesting happened in the IT world. Microsoft made a pledge to open up many of the of the APIs and communication protocols that are used in the Windows OS, SQL Server, Office file formats, Exchange, and others. If this holds true, it marks a big change in the way that they've protected their internal data, and that is going create a big stir throughout the IT industry. But, the stir is going to mean different things to different people.
For developers, creating software to interact with Microsoft products, this will provide an incredible source of information, and should lead to much greater interoperability in sharing data between various applications. Soon, there should be more realistic alternatives to the Microsoft giants of Office and Outlook, which are very good at what they do but are pretty heavyweight for a lot of smaller businesses. Samba (a Linux program that works with Windows File and Print Sharing) should also be able to keep current and be much more stable and Feature-rich now that they don't have to guess/reverse the protocols.
But we are a security company and a security blog, so how does this affect security? Likely, it will affect it negatively in the immediate future. In the short term, the information about protocols and file formats will allow for much easier fuzzing, and there will be some interesting vulnerabilities found in previously unchecked codepaths. Which is great, as long as folks with malicious intents don't find and exploit them before the good guys can create a fix. In the end though, more open access to this information will lead to more secure software and a better framework for tools to be developed in, but that doesn't mean it might not be an interesting, if not bumpy year on the security front.
CTU Research Incident Response and Management Information Security Intelligence Risk Management