The Unethical Business of Selling Fear of Free/Libre Software Bugs (Black Duck, Sonatype, and Symantec)

Dr. Roy Schestowitz

2015-04-27 09:02:52 UTC
Modified: 2015-04-27 09:02:52 UTC

Snake oil

Summary: The spreading of fear of Free/Open Source software (FOSS) is now a growth industry, so proprietary opportunists are eager to capitalise on it, even if by distorting the truth

EARLIER THIS month some Black Duck publicity stunt fooled some journalists into promotion of Black Duck FUD. We saw that persisting until April 20th (one week ago), even in pro-FOSS sites (blogs) that did this days later. IDG made a slideshow out of it. Well, sadly, it cites Black Duck, which tries to sell proprietary software under the guise of Free software promotion.

In reality, Black Duck is not just selling fear of GPL violations -- the original 'product' which was 'sold' by this firm. It's a two-faced firm masquerading as pro-FOSS whilst attacking FOSS. Black Duck and Duck Duck Go both give a bad name to ducks. They pretend to be FOSS or at least openwash themselves (a lie) and they pretend to defend users (also a lie, they merely exploit or monetise users).

In other news, Sonatype reportedly compared FOSS to "Public Health Hazard". To quote one report: "That’s the assessment of Joshua Corman, CTO at Sonatype, who took to the stage at RSA 2015 to characterize insecure software as a kind of “cyber-asbestos,” widely deployed, inherently dangerous, and eventually carrying an astronomical cost in terms of human suffering and cost to clean up because …we just didn’t know how dangerous it was at the time when we embraced it."

So Sonatype is again on an anti-Free software binge. It is not the first time (see examples in [1, 2, 3, 4]) and it is easy to see why it is doing this. It's trying to sell its products, which are nothing to do with Free software. Sonatype's track record of FOSS FUD is expanding and may one day rival the Microsoft-connected Symantec, which continues its FUD campaign against Android, generating misleading headlines such as "One in Five Android Apps Is Malware" in this case. When people install software from Google Play, then there is virtually no risk, but don't expect Symantec to properly analyse this. Symantec sells insecurity. To quote the misleading article: "According to Symantec’s latest Internet Security Threat Report, “17 percent of all Android apps (nearly one million total) were actually malware in disguise.” In 2013, Symantec uncovered roughly 700,000 virus-laden apps."

But where are they found? Are any accessible to most Android users? No, so Symantec is defining it wrongly and framing the issue by saying that many applications' "primary purpose is to bombard you with ads." That's not malware, but they made up a new word.

Google has already responded mostly by removing apps with too many ads (that's not malware) and saying that Android "antivirus" is snake oil, as Google said before (responding to the likes of Symantec several years ago).

Android now has an industry of snake oil around it because there is a lot of market share there. The same can be said about FOSS, which is why Black Duck and Sonatype are busy badmouthing security aspects of it. They're all just looking for a quick buck; FUD and reputation damage to FOSS are "collateral damage". ⬆

[Video] Richard Stallman's Talk in Sweden, Attended by Nearly 700 People, is Now Online: The Web page is in Swedish, but the talk is in English
Confirmed: Very Close Friend of Bill Gates and Microsoft's Biggest Patent Troll Nathan Myhrvold Flew the Lolita Express (a Gateway to Pedophilia), According to Bill Gates-Sponsored Seattle Times: There is no speculation or any "conspiracy theories" here;' those are verified facts
Gemini Links 25/10/2025: "The Highest Leader of The Global Civil Society Community", SSL Certificates Causing Bitrot: Links for the day
Links 25/10/2025: Target Layoffs and "Shutdown Sparks 85% Increase in US Government Cyberattacks": Links for the day
"Big Data" Was a Big Lie: Remember "Big Data"? Remember "Data Scientists"...?
statCounter Has Been Broken for a Long Time: Considering the huge proportion of Web requests that come from LLM bots (more so this past year or two), statCounter may struggle to justify the operating costs
Techrights Anniversary Party on November 7th: Let us know if you need any accommodation-related arrangements
Trends That Must Alarm Microsoft and Mozilla: Expect Firefox to no longer be supported by various sites in the US
Why Microsoft Became the Layoffs Leader: The corporate media is projecting or signalling its own dishonesty when it tells us that Microsoft is a very "valuable" company while the data shows Microsoft is also a "market leader" in layoffs
Speaking for Ourselves and Letting the Facts Speak for Themselves: we've already published over 50,000 pages
For Second Time in a Day The Register MS Takes Money From Private Companies to Sell a Ponzi Scheme: Do not have empathy for those who have zero empathy towards you
IBM is Misleading IBM Shareholders: IBM is still all about vapourware and buzzwords
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, October 24, 2025: IRC logs for Friday, October 24, 2025
The Serial Slopper Starts Up - or Restarts - His Plagiarism Machine (LLMs): Serial Sloppers like these don't belong in news sites. That's why he got sacked by BetaNews.
Links 24/10/2025: Esperanto Music History, Anxiety, and New Portals: Links for the day
Slopwatch: LinuxSecurity.com, Linux Journal, and Pet Slopfarms of Google News: Why does Google News still advance these fake sites to the top of search results?
Links 24/10/2025: Inequality Grows, Billion-Dollar Scam Center Industry: Links for the day
Links 24/10/2025: "Independent Media in Cambodia is Collapsing" and Serious F5 Breach: Links for the day
Coping With the Site Going More Mainstream: Fame is no laughing matter
They Never 'Put Down' Corporations: There are "pests" that are traded in Wall Street
21 Pages in Less Than 7 Hours is No Joking Matter: We've become a lot more effective and efficient
Correct Information is a Valued Asset in the Age of Slopfarms and Public Relations (PR) or Spin: Publishing suppressed facts is never easy
The Register MS Continues to Bag Money to Promote a Ponzi Scheme, Even Money From China: Today in the front page
analytics.usa.gov: The Only Supported Version of Windows (This Past Week) is Only Used by About 13.9% of People in the US, the Home Base of Windows: Even Vista 7 is still used more
Rust is Very Secure: If only Rust itself is secure
Who Will be Held Accountable for Breaking Ubuntu by Imposing Rust on Otherwise-Functional Programs, in Effect Replacing GNU With Proprietary Microsoft (GitHub)?: they're practical people who merely point out that a bunch of buffoons not only ruin Ubuntu but also every future distro based on Ubuntu
Generation Chaff - Phase VIII: In Summary: Like "Science" with a capital "S", what we see here commercial interests usurping everything
Generation Chaff - Phase VII: Curtailing Alternative Media: There was always an obligation - a collective duty of sorts - to uphold independent journalism
Generation Chaff - Phase VI: Centralisation of Information (X, Cheetok/Fentanylware): Would you trust information when controlled by such people?
Generation Chaff - Phase V: Censorship of Dissent (Painted as Harassment or Terrorism): Censorship is all around us now
Generation Chaff - Phase IV: Apps Only Few Companies Decide On: Tools are being collectively confiscated, under the premise or false prospect of "security"
Generation Chaff - Phase III: Slop and Plagiarism: A lot of the current so-called 'economy' is built upon false valuations
Generation Chaff - Phase II: "Cloud", Blockchains and Other Hype: For those of us who turned down those propositions there was a struggle; we needed to justify not having skinnerboxes or "social" accounts in some site run by a private company
Generation Chaff - Phase I: Social Control Media: IRC predates the Web
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, October 23, 2025: IRC logs for Thursday, October 23, 2025
More Clues Shed on Collapse of Microsoft XBox: XBox is basically circling down the drain as Microsoft implements 2-3 waves of layoffs each month
'Vibe Coding' Doesn't Work: In a lot of ways, so-called 'Vibe Coding' is already considered vapourware or a passing fad promoted in the media by managers who try to justify mass layoffs, especially ridding companies of "very expensive" software engineers
Links 24/10/2025: Microsoft's Killing of XBox Connected to Revenue/Profit Problems, "How Elon Musk Ruined Twitter": Links for the day
Gemini Links 24/10/2025: 86,400 Seconds and "Society's Task": Links for the day
Slopwatch: Google News and Slopfarms That Relay Nonsense From LLMs: Google News, which once prioritised or used to care about provenance and quality, is feeding slopfarms
Links 23/10/2025: More Health Concerns Over Dumb Chatbots (LLMs) and "Talking Cars" as Latest Buzz: Links for the day
Gemini Links 23/10/2025: Daylight Savings Time and Duration Shorthand: Links for the day
Links 23/10/2025: LLM 'Hallucinations' (Defects) in Practical Code 'Generation', China Becomes More Economically and Technologically Independent: Links for the day
Why We Support Richard Stallman and You Probably Should Too: It's not about being "Richard Stallman fan", it is about maintaining the right to hold positions (on technology) like his
Linux Foundation Uses LLM Slop to Promote Microsoft in Linux.com (Again), Rendering It a Linux-Hostile Slopfarm: Openwashing with slop by "Linux.com Editorial Staff", which basically seems to be a bot
Some Large German Media Covers Richard Stallman's Talks in Germany Earlier This Week: LLM-based chatbots are just "bullshit generators" (as he has long called them)
Links 23/10/2025: Windows TCO Galore and "The Internet Is Going to Break Again": Links for the day
Trouble in Red Hat/IBM and a Retreat to Ponzi Economics in Search of Wall Street Market Heist: Would you invest your life savings in this kind of crap?
Who Asked Software in the Public Interest (SPI) for a Refund? ($100,000, Resulting in Losses of $267,201 in 12 Months, Highest-Ever Losses): The IRS does not reveal who or what's tied to this refund (or the cause/reason)
Social engineering attack: Debian voted to trick you on binary blobs: Reprinted with permission from Daniel Pocock
Techrights Will Always Stand for Women's Rights: We even invest money - personal savings that it - in our principles
Certified Lawyers Should Know Better (Than to Intimidate Us With Man Who Drives on Motorcycle Through a Really Bad Storm Between Distant Cities, Then Collects Photos of Our Home): Mentioning someone was in prison for bad things isn't a crime, it's a public service
The "AI" (Slop) Bubble is Already Imploding: "ChatGPT Usage Has Peaked and Is Now Declining, New Data Finds"
The So-called "Sexy" Buckets (AI, Quantum) Cannot Save IBM From Reality, Shares Tank: "No matter how much financial hocus-pocus they use to reclassify revenues to land in the "sexy" buckets (AI, Quantum), it still smells old and musty - just like this company."
Paul Krugman is Wrong About the Scope of Mass Layoffs in the United States: A few years ago society was accelerating its journey towards feudalism, boosted by COVID-19
Links 23/10/2025: Proprietary Blunders and CISA's Latest Disclosure of Holes: Links for the day
Gemini Links 23/10/2025: Fast Past (F1), 99.9% Uptime: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 22, 2025: IRC logs for Wednesday, October 22, 2025

The Unethical Business of Selling Fear of Free/Libre Software Bugs (Black Duck, Sonatype, and Symantec)

Recent Techrights' Posts