Summary: Misinformation and selective reporting on software risks sometimes come from Microsoft-tied firms
There seems to have been a growing level of deception, a reality distortion field of sorts, seeking to establish a consensus that FOSS is dangerous to adopt (security and compliance being the two strands). This distortion of the truth, or accentuation of perceived pitfalls, is nothing new. The recent growth, however, is noteworthy. Maybe it is proportional to the growth of FOSS, which proprietary software houses like Black Duck view as an opportunity to cash in on. Microsoft-connected entities are not the only ones involved (Black Duck is Microsoft-connected in several ways). Lesser-known firms, White Source and others, are starting to show up. We do not know the professional background of the managers there, but none of these firms can be described as FOSS-oriented.
Univa and Sonatype are some of the examples we named more recently because they helped generate FOSS-hostile coverage using the ‘risk’ theme. I saw about 4 such articles in the past 2 weeks (omitting stories about the same topic), which is far more than the average. I’ve watched this closely for almost a decade.
IDG repeatedly posted (on several sites) an article which cites, references and promotes OpenLogic, a company founded and run by a Microsoft veteran. It also quotes him and describes his background as follows: “Steven Grandchamp has seen companies face serious problems because of lax oversight of open-source software.”
So he worked for Microsoft and then changed careers to focus on proprietary software that makes FOSS look bad. The proprietary code analysers are being openwashed by stating that they are being used on FOSS; one report about it says: “The service, which began as the largest public-private sector research project focused on open source software integrity, was initiated between Coverity and the U.S. Department of Homeland Security in 2006 and is now managed by Coverity.”
Coverity is not a foe of FOSS and much of its output has been favourable to FOSS. However, let us not lose sight of motives, which are quite independent from truth. A lot of information about FOSS these days is being manufactured by proprietary entities, some of which are founded and run by people from Microsoft. Opportunism? That might be an understatement. They mostly legitimise the fiction that proprietary software comes with no risk (e.g. licence expiration, projects dying, projects going the wrong way), whereas it’s FOSS — only FOSS — that involves high risk.