Microsoft Finally Certifies an Open Source Web App

An anonymous reader writes "Microsoft has caught up with the fact that open source web-based software exists, today announcing an open source project written in PHP is the first 'Certified for Windows' software that (a) follows an OSI-approved license and (b) runs via a webserver rather than operating as a native Windows executable. The software in question is SilverStripe CMS, free software released under a BSD license, that is used to build and manage websites. Certification entails a third-party performing various tests and audits on the software and giving it the green light. If other open source projects can follow suit, this will be another step in getting business folk to see that open source is ready for enterprise use. And heck, maybe even a .NET application could now seek to be certified!"

Re:Microsoft Certification

[Gadget_Guy]

do companies not use a certain software because its not certified my Microsoft?

No. Only a small minority of software is certified, so you would be limiting your options way too much if you discounted the non-certified options. However, it is useful when comparing software to know which ones are certified, because it gives you the confidence that it will work in most environments. I have used non-administrator accounts since the days of NT4, and being certified meant that you knew the software would not have a fit as soon as it couldn't write into your C:\Windows folder.

Re:WiX was frist!

[Anonymous Coward]

Two things:

1. WiX is not a web app
2. I don't think WiX is Certified for Windows

Microsoft supports the development of WiX, but that's not the same as logo certification.

Re:Cookie

[Anonymous Coward]

Microsoft hasn't certified that the software is secure and bug free, they have certified that it behaves according to the guidelines laid out by the logo program.

Some of those guidelines are along the lines of security best practices, true, but the logo process only measures adherence to rules, not quality.

Re:Cookie

[$RANDOMLUSER]

PHP is the only language that has such exploitable vulnerabilities. Windows, which is not programmed in PHP, has never had exploitable vulnerabilities.

Someone's off their meds again...

Re:Microsoft Certification

[shutdown -p now]

I just hope people don't take these certifications too seriously. I don't have experience in an enterprise setting, but do companies not use a certain software because its not certified my Microsoft?

The point of certification is to make sure that software does certain things right - e.g. can run on 64-bit Windows, installs and uninstalls properly and in correct location, stores config files and other data in appropriate places (and not in e.g. "Program Files"), and doesn't do some things that are silly and potentially harmful (like catching and silently swallowing SIGSEGV). Best way to know what the certification actually means is to read the technical requirements [microsoft.com] and judge for yourself.

Re:Tonight On Bizzaro World News ...

[pinkushun]

... and they rave and tell everyone that it's the greatest thing how Microsoft has "innovated" and "implemented" this idea, meanwhile they are just underexposed under the cover of Microsoft's "secure and secluding" hand.

It happened when MS adopted JQuery, and FastCGI, and no doubt many projects yet to come.

Re:Congratulations SilverStripe?

[unbrandy]

Hi, I'm Brian, the CEO of SilverStripe. Thanks for your kind words; they mean a lot. To your question of "Why?" here's the answer: it helps our business. We have many potential clients who run MS IT infrastructures. If we have this certification that greatly increases the confidence in SilverStripe in the eyes of the decision-makers in these organizations. We did not make this decision lightly. We thought a lot about how this would be perceived in the open source community. All along the way we said we'd back out if we thought our principles were being compromised. I am proud to say that we're happy with the outcome. Microsoft actually helped us (in dev resource time) to get our software to work well on the MS stack. Now we can tell more people we can work in their environment. It's truly as simple as that. :) Hope that answers your question. If anyone reading this wants to follow up, I am my first name at silverstripe dot com Thanks, Brian

Re:Microsoft Certification

[TheRaven64]

And sometimes it doesn't mean quite what you think it means. For example, one of the requirements for the Designed for Windows 95 logo was running on Windows NT 4. The Runs on Windows 95 logo didn't have this requirement, so it was quite a good way of telling which programs were trying to do evil things. Amusingly, programs with the Designed For logo are (or, at least, were ten years ago) much more likely to work under WINE than ones with the Runs On logo.

Re:Congratulations SilverStripe?

[unbrandy]

Good point, Westlake. Our open source product and company have the same name. Now, does getting this certification hurt the open source effors we make? Hmmmm. It's a question. We care a lot about our open source community. Truly. We don't take open source lightly. In my opinion, if we can stay true to our open source goals (BSD and listen to community) and be more attractive to clients (so we can pay people to make more open source software) then there's no harm done. I realize this is a touchy area for a lot of people. Hell, if you would have told me a year ago I'd have an ms certified product in a year's time, I would have asked what kind of crack you were smoking. What changed? Understanding who uses our stuff. But that doesn't change our attitude towards open source. In fact, it strengthens prior attitudes. Because the open source ideal must always be protected :) All good, Brian

Wrong: Microsoft does not "certify" 3rd party apps

[SplatMan_DK]

The post is wrong - with all due respect.

Microsoft does not "certify" 3rd party software in any way. They document/specify HOW to get a product certified. It is up to the vendors (Microsoft Partners) to do the testing and certification if they feel it brings them business value. The certification itself is typically conducted by external companies such as Veritest/[url:lionbridge.com] (now one company).

You can pretty much sign up as a Microsoft partner on "Registered Partner Level" for 0 USD and start the cerification process. Or spend 100 USD on a BizSpark package and get 2 years license to Visual Studio and all the MS-stuff you need to get going. The biggest cost is the actual verification by the external testing company - Microsoft is not making any money from the certification process. Their goal is to provide a method by which a software vendor can demonstrate microsoft-compliance for their product. And show that compliance by using a logo.

In short: Anybody who feels up to it can start certifying any FOSS software that runs on a Windows box. Feel like certifying WINE? Go right ahead. Think ClamWin should have the "Works with Windows 7" logo? Go for it - the community will probably gladly help. Think the official "Certified for Windows 2008 Server" logo would look nice on the webpage of Squeezebox Server (former "Slim Server"). Download the source and get started - perhaps Logitec will help you out with resources if you ask them - and be sure to brush up on your Perl skills before your start.

So no ... Microsoft has not "caught up" with anything. And there are already a lot of certified .NET apps that run in a browser. No big deal. Anybody can start a Microsoft certification process and the bulk of the cost goes to external testing companies.

- Jesper