07.31.08

Pulling an SCO Using Security Firms?

Posted in Free/Libre Software, FUD, Java, Microsoft, Security at 4:02 pm by Dr. Roy Schestowitz

The Fortify “Get the Facts” campaign (against Free software) was only mentioned very briefly here. It came in the form of a warning (it was also included in some link digests).

Security companies are funny creatures because they naturally love insecure software. They love breaking software apart and fear means business to them. Lying is never a problem, no matter the consequences. Moreover, Free software, which is inherently more secure, is a true danger to the business model of security agents, so they fight without tact or mercy [1, 2, 3].

Some concerned people, such as Sean at Internet News, truly wondered what Fortify had in mind. Why would it attack Free software so suddenly? Groklaw found this one, which is merely a possibility, not an explantion. It’s a vanity page bearing the headline: “FORTIFY-MICROSOFT ALLIANCE.”

Microsoft and Fortify Software are enabling software developers and testers to build and deliver more secure applications. Visual Studio 2005 Team Edition for Software Testers offers an easy-to-use yet powerful framework for testing. Fortify leverages this infrastructure and adds Web application security testing capabilities. The combination of the two effectively brings basic security testing out of the realm of specialized experts and into the hands of software testers. In addition, Fortify provides its award-winning source code analysis capabilities to Visual Studio Team Edition for Developers so security flaws discovered in development and testing can be diagnosed and fixed quickly. Working closely with the Visual Studio team has enabled Fortify Software to incorporate its innovative software security capabilities within the powerful Visual Studio

Groklaw adds: “Yes, folks. This partner of Microsoft is the same Fortify Software that put out that “study” that concluded that “Open Source” (but actually only Java) is risky.” It smells like a case of fitting data to an hypothesis and a sensationalist conclusion, and at the same time hitting two rivals of Microsoft: Java and Free software.

They didn’t assess proprietary equivalents. They wanted to encourage businesses to buy products from them. Furthermore, according to this, once/if you looked closely, you would find that proprietary products were shown to be more — not less — defective than Free software. So what has Fortify really proven?

Her main points:

1. There are other security toolkits other than Fortify. Just because you don’t use their system doesn’t mean you don’t care.
2. When reading vendor-sponsored studies consider the source. Always a wise move.
3. Open source projects in Fortify’s Open Review report fewer defects per thousand lines of code than proprietary products in the same review. I didn’t know that.

Fortify may also have some junk software patents, such as this one on “security testing”.

Fortify SCA helps security, testing and development teams pinpoint and eliminate security vulnerabilities in software applications. Fortify’s patent-pending technology delivers the most accurate and reliable results with low false positives..

“There should really be an index somewhere to tell who’s with who.”Watch who Fortify built an alliance with: Wipro, another Microsoft partner that’s joint to it by the hip and lobbies for OOXML — all against India’s interests [1, 2, 3, 4, 5].

Fortify lives in a not-so-healthy neighbourhood of proprietary software companies that combat Free software and encourage software patents.

The apple doesn’t fall so far from the tree.

With money on the table, there is no trust. Will you also believe OpenLogic and Black Duck, for example, despite being headed by former Microsoft employees? They sell open source fear. There should really be an index somewhere to tell who’s with who. It would help tremendously.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2008/07/31/fortify-microsoft-wipro-patent/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. aeshna23 said,

    July 31, 2008 at 6:06 pm

    Gravatar

    There is a right-wing website that would serve as a good model for a project of indexing who’s with who in the MS/proprietary software world:

    http://www.discoverthenetworks.org/

    (Pointing out this website as good model is neither an endorsement of the site nor is it to say that all information there is accurate. Most websites on the left and the right get carried away and honesty suffers.)

What Else is New


  1. OpenSUSE Hates Your Freedom, But It Loves the Proprietary Software Reseller That Is the True 'Master' of OpenSUSE

    OpenSUSE is inclusive of Microsoft and other companies that attack human rights and [cref 141916 enable nationalists]; but apparently what bothers OpenSUSE very, very much is the people who started the operating system SUSE is selling



  2. Links 12/4/2021: Lagrange 1.3.2, Linux 5.12 RC7

    Links for the day



  3. IRC Proceedings: Sunday, April 11, 2021

    IRC logs for Sunday, April 11, 2021



  4. EPOLeaks on Misleading the Bundestag -- Part 14: The Notorious Revolving Door

    The Benoît Battistelli-António Campinos shuffle left some people in the EPO’s upper management better off; they’re being rewarded for complicity, so there’s no incentive to do the right thing but to do the wrong thing



  5. Links 11/4/2021: GnuPG 2.3.0, Linux 5.13 Additions

    Links for the day



  6. All EPO Articles Are Available Over Gemini Protocol

    For lighter and more privacy-preserving access to Techrights use the Gemini capsule instead of the Web site



  7. Judge and JURI

    The Committee on Legal Affairs, a.k.a JURI, meets the EPO tomorrow (in 24 hours); will abuses by António Campinos and Benoît Battistelli be brought up?



  8. EPOLeaks on Misleading the Bundestag -- Part 13: The Failed Promise of a “Good Governance” Guru…

    Before becoming an absent-minded Vice-President of António Campinos Christoph Ernst was posing as the very opposite of what he would become



  9. Gemini Gateways for IPFS

    The World Wide Web is fine for a lot of things, but for controversial publications and publications that invoke the 'wrath' of corporations/states/plutocracy we must look beyond the traditional protocols, choosing decentralised means and self-hosted means of publication (instead or at the very least in conjunction)



  10. Challenging Times for EPO Management

    A discussion of the status quo at Europe's second-largest (but scarcely-understood) institution, subjected to a JURI hearing tomorrow afternoon



  11. “The Fighters of Freedom”

    Some anime fans have made this video about recent events



  12. IRC Proceedings: Saturday, April 10, 2021

    IRC logs for Saturday, April 10, 2021



  13. [Meme] Bundestagate Series Spoiler

    The chain of command/s at the EPO typically leads to major tragedy



  14. Breaking News: Campinos to Appear Before the Legals Affairs Committee of the European Parliament on Monday 12 April

    "Some MEPs have been briefed about ongoing governance deficits at the EPO, in particular the lack of GDPR compliance and the sell-out of "digital sovereignty" to Microsoft, but it remains to be seen whether or not they will dare to bring these issues up during the hearing."



  15. Pro-FSF Petition (“An Open Letter in Support of Richard Matthew Stallman Being Reinstated by the Free Software Foundation”) Tops 6,200 Signatures

    Monopolies and their media, along with their NGOs, have spoken and incited based on falsehoods; people now respond so the hate letter has a real crisis



  16. Links 10/4/2021: osbuild 28, KDE Frameworks 5.81.0

    Links for the day



  17. EPOLeaks on Misleading the Bundestag -- Part 12: A Worthy Successor to His Mentor?

    We examine the role of Christoph Ernst in EPO management, both in the Benoît Battistelli era and the António Campinos era (plenty to hide)



  18. USPTO for Monopolies, Keeping GNU/Linux in the Dark

    Growing evidence of gross discrimination against GNU/Linux (or Free software, even BSD/UNIX) users at the USPTO is too hard to ignore; some people out there challenge the Office over this travesty



  19. Accessibility and Availability First

    To make Techrights more widely accessible and more difficult to block/censor we've been making further changes, including self-hosting where possible



  20. Self-Hosting Videos With Free Formats and Animated Previews, Watermarks/Logos and Translucency

    We examine the power of video editing with ffmpeg, chained with command-line scripting and HTML5 features



  21. Links 10/4/2021: Linux on M1, Wine 6.6, ClamAV 0.103.2

    Links for the day



  22. Lunduke: On Mob Justice in the Tech Industry

    A new video from the former Microsofter who fears the phenomenon that’s adopted by companies like IBM



  23. IRC Proceedings: Friday, April 09, 2021

    IRC logs for Friday, April 09, 2021



  24. EPOLeaks on Misleading the Bundestag — Appendix (Benoît Battistelli's Vichy Syndrome): Georges Henri Léon Battistelli and Charles Robert Battistelli

    Local copies with evidence of or something concrete about Benoît Battistelli’s connection to unsavoury — and by today’s standards outright fascistic — politics



  25. IBM Doubles Down on Masters Being an Acceptable Word in the Context of Technology

    3 days after this post which disproves IBM's stance or shows its double standards it once again says “Masters” in its official blog (won’t that offend and alienate some people as they insist?)



  26. Hate Letter Against Richard Matthew Stallman (RMS) Backfired So Spectacularly That Signers Asked to Revoke Their Own Signatures and the List Was Then Frozen Permanently (Updated)

    "An open letter in support of Richard Matthew Stallman being reinstated by the Free Software Foundation" tops 6,100 signatures (graph generated just moments ago)



  27. EPOLeaks on Misleading the Bundestag -- Part 11: The BMJV's Tweedledee: Dr Christoph Ernst

    The right-hand man of António Campinos plays a role similar to that of Herr Lutz before him



  28. Links 9/4/2021: Tanglet 1.6.0 and HPVM 1.0

    Links for the day



  29. The Libel Against Richard Stallman Did Not Age Well

    Almost 2 years down the line libel about the founder of the FSF remains online, uncorrected (in sites funded by Microsoft and IBM)



  30. The Letter in Support of the FSF and Richard Stallman is Backed by the International Community, Not American Monopolies and Nationalistic Elements

    Free software is for everybody to use, internationally, it is not the asset of a bunch of current and old monopolists (connected to the US military) that also control the media; the nature of the signatures says that out loud


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts