The reuters link posted here is click-bait junk. This section from the Microsoft blog provides better context.
>We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.
>At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.
Not untrue. Internal orgs adopt a monorepo structure - the source for the majority of the infra is readable from almost any developer within the company.
> To distinguish, they even have a different name for it - inner source.
Yeah, I recognize MBA speak when I see it. That's why I chuckled. They were hacked and somebody saw their code. Now some guy in upper management has to spew some bullshit to protect the company's "image".
Work at MS, that term has been used for a long time internally, certainly longer than I have worked here. It really is very useful to be able to go find the code for a product when you want to understand how something works.
>We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.
>At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.
https://msrc-blog.microsoft.com/2020/12/31/microsoft-interna...