Bonum Certa Men Certa

Unverified Claim: Sam Ransbotham's Belittling of Free/Libre Software Funded by Microsoft

Campus photos



Summary: "Open-Source Could Mean an Open Door for Hackers," says a new article from Robert Lemos, but the facts just don't add up and suspicions arise that Microsoft is in fact partly funding these claims

Two readers separately E-mailed us about a new article that looks too suspicious because it's flatly wrong. "This came up in the ACM daily email today," wrote one reader and another one writes: "Find out if there is any Microsoft connection"



"Apparently, this is another Microsoft-funded study bad-mouthing open source software," said the first reader. I asked: "Where can I see that it's Microsoft funded?"

"Even if that's not the case," he replied, "it has been characterized as a FUD attack."

"I didn't have time to investigate it myself," points out this first reader who cites Dana Blankenhorn and some of the comments we'll get to in a moment:

You don’t expect misleading FUD about open source from MIT’s Technology Review. But here it is.

The story is about a Boston College professor (and Georgia Tech grad — go Jackets) named Sam Ransbotham...

The misleading bit is the idea that open source vulnerabilities spread faster, and are exploited both sooner and with more force, than bugs in proprietary software.

It’s true, but it’s wrong to draw large conclusions from that.

In his work Ransbotham looked at a list of 883 known vulnerabilities and found 97 exploited over two years, 30 of them in open source. Attacks on open source were broader and moved faster than those on closed source.

The real story is a bit nastier. The biggest correlation Ransbotham found was not between open source and attack, but between the existence of a security signature and attacks.


Here is the original article. There is a comment titled "How Paid Studies Reflect Desires of Those Who Pay" and it says (emphasis in red is ours): "Paid studies are all notorious for proving that the sponsor of a study can usually get findings that support their desired outcome. Since this study is funded primarily by Microsoft, then the results should not be surprising. The article is not based on any outright deception or lies, simply on two levels of ignorance. First, the naivete and lack of programming expertise of the general audience who might accept these findings -- a response that no credible or responsible programmer would support, unless he or she also were a partisan MS loyalist. One must only read the weekly threat announcements of critical vulnerabilities in Microsoft and Adobe products, for example to realize that nothing could be more vulnerable than these highly vaunted proprietary products. The second level of ignorance relates to intrinsic security permissions in most UNIX/LINUX operating systems versus that of Microsoft Windows, including Windows Seven. Most of the worlds secure servers are all running on some UNIX based OS, not Windows, for matters of security and reliability -- they are running Solaris, UNIX, or some flavor of LINUX. And this has everything to do with inherent security permissions for the Root user account, versus the "administrative permissions" in Windows that always leave a number of little windows, shutters, back doors and ports wide open to attack, and ability to modify critical registry entries in the Windows OS. There is no "registry" to attack in UNIX, Solaris or LINUX, and nothing can modify a Root file unless it is a live password protected Root User. Autorun scripts and VBS scripts cannot exploit these systems at all."

Another commenter claims an "advertisement coincidence" when s/he writes: "The advertisement for this article is for Microsoft Server. Coincidence? I think not."

Comments

Recent Techrights' Posts

How We Do Techrights (and What's Changing Next Week)
Many former news sites no longer yield much non-meaningless news (not anymore); there's a gap to be filled
Links 12/07/2026: Palantir Unrest and Wireshark 4.6.7
Links for the day
Links 12/07/2026: New Instrument Time and PalmOS Experiences in 2026
Links for the day
Red Hat Staff Says IBM Policy Has Stigmatised Him as a Tool and a Slopper With Plagiarism Tools
IBM is killing Red Hat with slop
Freedom of Choice or Freedom Versus Choice (or When All Choices Are Incompatible With Freedom)
When some business asserts that it gives people different options, then it can rightly argue that it offers some choices, but that is not the same as freedom
Techrights IRC Turns 5 Without a “Code of Conduct”, “Code of Conduct Committee”, and All Those Bureaucratic Nightmares
18+ years if one counts our time in Freenode as well
Why U No Use AI???
Many hype waves come and go
There Are Still Slopfarms in Google News
Google is trying to participate in if not lead this pyramid scheme
The Cyber Show Explains How Slop and Promotion of Slop is About Taking Control Away From Computer Users
"On making a trustworthy machine"
Keeping Available the Site at All Times
Informal arrangements and crowdfunding keep our work available despite resistance (including from people who break the law)
What If "Era of AI" and "AI Revolution" (Fake News) Never Happened?
So how much longer before the bust (or bubble-burst)?
GNU/Linux Approaches 5% in Australia
5% by year's end?
Europe/EU is Moving Towards Independence, Fast to Adopt Free Software
More and more states (governments, public sector) in Germany are dumping Microsoft
GNU/Linux Grows at the Expense of Windows
People who want to get work done already left Windows
Tux Machines Growing as a Volunteers-Run Site
Historically the site did not have many original stories, but this changed as the audience grew and the site gained more recognition
Links 12/07/2026: European Commission Versus ‘Addictive Design’, "Google Loses Final Appeal Over $4.7 Billion EU Android Antitrust Fine"
Links for the day
GNU/Linux Market Share Increases Some More Today, statCounter Measures It at 7.3%
Will more such thresholds and records be broken?
Gemini Links 12/07/2026: Studying Languages and 2026 Old Computer Challenge (OCC)
Links for the day
EPO "Cocaine Communication Manager" - Part XIII - At the EPO, Cocaine Addicts and Their Friends Are "Protected Class"
What does that tell us about the EPO?
Increasing Output by Focusing on Originals
It's probably more important to carry on with these than it is to keep abreast of non-crucial news
Amid Strikes and Industrial Actions, Young Professionals at the European Patent Office (EPO) Kept on 'Short Leash', According to the Local Staff Committee The Hague
Issues affecting Young Professionals
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 11, 2026
IRC logs for Saturday, July 11, 2026
Blogs May be Making a Comeback (They're Not Fediverse, They Are Joined by RSS Feeds)
Don't fake expansion where none existed
ChromeOS and GNU/Linux in the United Kingdom Reach 11%
the UK shows signs of digital maturity
Corporate Media: Blame the People Who Enter the Abandoned IBM Buildings, Not IBM for Abandoning Workers in Pursuit of IT Sweatshops
When the media spreads falsehoods stocks can go up (a lot higher), but at whose expense and how long for?
Canonical is Selling Microsoft, It Pays The Register MS to Sell Microsoft
It's all about money to them. And they call this journalism.
When Red Hat's HR Becomes the Same as IBM's HR (Bluewashing)
Red Hat keeps sacking very experienced engineers and adding temporary interns
GNU/Linux Growing in East Asia
Assuming this is more or less accurate, we could use a plausible explanation
SUEPO Munich Report on the Recent EPO Demonstration and Rolling Strikes That Continue to Grow
"increasing registrations for the 'rolling strikes' running until autumn"
Over a Week After Microsoft Discontinued Some XBox Models It Apparently Exits Some Markets Altogether
We seem to be witnessing the end of XBox
Gemini Links 11/07/2026: Old Computer challenge, Poems, Antenna, and More
Links for the day
Links 11/07/2026: "Trademark wars of Influencer Culture", Xinuos Uses Copyrights Versus UNIX
Links for the day
North America: GNU/Linux Measured at 10%
To better understand what contributes to the gains
Following Corrections and Adjustments statCounter Sees GNU/Linux at 7.1%, an All-Time High
There is a lot of layoffs at Microsoft this month
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 10, 2026
IRC logs for Friday, July 10, 2026
Links 11/07/2026: Wednesday-Saturday News Catch-up
Links for the day
Prioritising High-Importance News
In order to fully catch up with news we'll not publish many new articles until next week