Bonum Certa Men Certa

The Unethical Business of Selling Fear of Free/Libre Software Bugs (Black Duck, Sonatype, and Symantec)

Snake oil



Summary: The spreading of fear of Free/Open Source software (FOSS) is now a growth industry, so proprietary opportunists are eager to capitalise on it, even if by distorting the truth

EARLIER THIS month some Black Duck publicity stunt fooled some journalists into promotion of Black Duck FUD. We saw that persisting until April 20th (one week ago), even in pro-FOSS sites (blogs) that did this days later. IDG made a slideshow out of it. Well, sadly, it cites Black Duck, which tries to sell proprietary software under the guise of Free software promotion.



In reality, Black Duck is not just selling fear of GPL violations -- the original 'product' which was 'sold' by this firm. It's a two-faced firm masquerading as pro-FOSS whilst attacking FOSS. Black Duck and Duck Duck Go both give a bad name to ducks. They pretend to be FOSS or at least openwash themselves (a lie) and they pretend to defend users (also a lie, they merely exploit or monetise users).

In other news, Sonatype reportedly compared FOSS to "Public Health Hazard". To quote one report: "That’s the assessment of Joshua Corman, CTO at Sonatype, who took to the stage at RSA 2015 to characterize insecure software as a kind of “cyber-asbestos,” widely deployed, inherently dangerous, and eventually carrying an astronomical cost in terms of human suffering and cost to clean up because …we just didn’t know how dangerous it was at the time when we embraced it."

So Sonatype is again on an anti-Free software binge. It is not the first time (see examples in [1, 2, 3, 4]) and it is easy to see why it is doing this. It's trying to sell its products, which are nothing to do with Free software. Sonatype's track record of FOSS FUD is expanding and may one day rival the Microsoft-connected Symantec, which continues its FUD campaign against Android, generating misleading headlines such as "One in Five Android Apps Is Malware" in this case. When people install software from Google Play, then there is virtually no risk, but don't expect Symantec to properly analyse this. Symantec sells insecurity. To quote the misleading article: "According to Symantec’s latest Internet Security Threat Report, “17 percent of all Android apps (nearly one million total) were actually malware in disguise.” In 2013, Symantec uncovered roughly 700,000 virus-laden apps."

But where are they found? Are any accessible to most Android users? No, so Symantec is defining it wrongly and framing the issue by saying that many applications' "primary purpose is to bombard you with ads." That's not malware, but they made up a new word.

Google has already responded mostly by removing apps with too many ads (that's not malware) and saying that Android "antivirus" is snake oil, as Google said before (responding to the likes of Symantec several years ago).

Android now has an industry of snake oil around it because there is a lot of market share there. The same can be said about FOSS, which is why Black Duck and Sonatype are busy badmouthing security aspects of it. They're all just looking for a quick buck; FUD and reputation damage to FOSS are "collateral damage".

Recent Techrights' Posts

Microsoft-Sponsored Xenophobia and Nationalism
IBM is very similar in this regard
Tentative Summary of Things to Publish in Project 2030
I'll still be in my forties by then
 
Links 21/09/2025: "Hey Hi" (Hype) Under Fire, Fakes Identified; Tesla Burns Family
Links for the day
Google's Software is Malware and Malware in Mobile Devices
Originally posted by Rob Musial
Links 20/09/2025: Hegemony Coming to a Close, Luigi Mangione Ruled Not Terrorist
Links for the day
Gemini Links 21/09/2025: "Charlie Kirk Was a Hateful Piece of Shit" and Slop Code Attempted by Microsofter
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 20, 2025
IRC logs for Saturday, September 20, 2025
Gemini Links 20/09/2025: Snowy Photos and utism is a Spectrum
Links for the day
Vintage is Sometimes Better
Why can't we get back to "simple" if (or where) "simple" means better?
Climate Breakdown Means We'll be Publishing More, Not Less
Press freedom will be a common, recurring theme
Our 5-Year Geminispace Anniversary is Coming Up
I still remember when Gemini Protocol was quite new
It's Right to Point Out Violence From the Right
Violence is a recurring theme
Web Browsers That "Do Hey Hi" (AI)
State-of-the-art plagiarism or "autocomplete on steroids" (not coined by us, nevertheless a nice description) don't have much/any prospect
Links 20/09/2025: Hardware Projects in View, Some Independent Publishers About Russia Prosper After Cheeto Cuts Funding
Links for the day
Gemini Links 20/09/2025: Options and TV Time Machine
Links for the day
Links 20/09/2025: Retrocomputer, Antique Phone Experience, and More
Links for the day
Links 20/09/2025: Internet Shutdowns, Media Censorship, and Climate Worries
Links for the day
About 700 New Gemini Capsules in 13 Months (or 54 Per Month)
4.8K would represent a 20% increase
Rust People: Drain the Swap, You're Holding It Wrong
Does Rust make sense?
Techrights the Name Turns 15
About 6 weeks from now we turn 19
Microsoft is Running Out of Time and Floating Fake Figures, Fake Projects, Fake Narratives, Fake Excuses
Also, a lot of Microsoft's "revenue" claims are circular financing (i.e. Microsoft buying from itself, which means Ponzi-like fraud)
Slopwatch: LinuxSecurity, linuxconfig.org, and Plagiarised Phoronix
Many articles out there are nowadays fake
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 19, 2025
IRC logs for Friday, September 19, 2025
Gemini Links 20/09/2025: Navigating the Pressures of Modern Life and SpellBinding Accidentally Wrote Another Gemini Server
Links for the day
Links 19/09/2025: Press Freedom Dying in US, Anti-Austerity Strikes in France, and Alan Rusbridger to Leave 'Prospect'
Links for the day
European Patent Office Illegally Gutting and Outsourcing Its Functions, Acting Like an Above-the-Law Commercial Business (It Won't Stop at Formalities Officers (FOs) and Classification Slop at the EPO)
breaking/violating laws and conventions
Offloading to the Sister Site
In the interest of not overwhelming readers
Links 19/09/2025: Coffee Club and "SpellBinding is Now Absurdly Fast"
Links for the day
Links 19/09/2025: Lobbyist of American GAFAM Becomes Data Protection Commissioner in Europe
Links for the day
Links 19/09/2025: Media Freedom Ceases to Exist in US, "Consider Dropping Twitter/X"
Links for the day
Gemini Links 19/09/2025: Thinking and Insect Bites
Links for the day
Microsoft E.E.E.: Git Will Now (or Very Soon) Fully Depend on Rust, Which is Controlled by Microsoft
Microsoft now makes Git dependent on Rust, or making Git dependent on GitHub, which is proprietary
The Right to Punch People (Apparently)
At Brett Wilson, Brett's job title is "Head of Crime" and Wilson normalises calls for violence
Slop or Fake Articles Have Turned Linux Journal From a Pioneering/Trailblazing "Linux" Magazine Into a Nuisance
some sites with former reputation - good reputation - turn into cesspools
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 18, 2025
IRC logs for Thursday, September 18, 2025