Don't feed black ducks

Yours truly feeding the ducks
near home earlier this year (summer)

Summary: Red Hat's cooperation with Black Duck serves to legitimise a terrible business model, wherein fear of FOSS is being accentuated and proprietary software 'solutions' are being offered

YESTERDAY we became aware of Red Hat turning to Microsoft's friend, Black Duck. It happened with little prior warning and announced with the press release calling it a "[c]ollaboration to help developers, customers and partners build and run trusted, secure applications with Red Hat container technologies" (as if these are inherently less secure than some proprietary software).

What the articles fail to mention is that Black Duck's former top manager is from Red Hat and he came back to Red Hat after his stint at this FUD firm (see the old press release titled "Black Duck Software CEO Tim Yeaton Rejoins Red Hat to Lead Newly-Formed Infrastructure Group"). Well, the doors basically revolved, twice even. Maybe that's why Red Hat came to Black Duck, legitimising what is effectively a parasite inside the FOSS world.

"What the articles fail to mention is that Black Duck's former top manager is from Red Hat and he came back to Red Hat after his stint at this FUD firm..."We have already found some puff pieces about, saying little more than the press release. One of them says that "Red Hat has collaborated with Black Duck Software to establish a secure and trusted model for containerized application delivery by providing verification that application containers are free from known vulnerabilities and include only certified content. This validation is a major step forward in enabling enterprise-ready application containers, and builds upon the strengths of each company – Red Hat’s position in container technologies and solutions, including its platform and certification strategy, and Black Duck’s position as the provider of comprehensive identification and earliest notification technologies of open source vulnerabilities."

In its marketing, Black Duck would have us believe that FOSS is terrible at security, even though proprietary software has back doors 'baked in' intentionally. NSA et al don't 'break into' Windows any more than Microsoft does; they're allowed access, by design, intent, and agenda. Days ago we showed how marketers from Black Duck had claimed that it can cost $25,000 to fix a bug in FOSS.

As of early this morning, this new relationship received press coverage from Serdar Yegulalp (writing for IDG), Sean Michael Kerner for QuinStreet and Steven J. Vaughan-Nichols for CBS. The way Vaughan-Nichols put it, "Red Hat and Black Duck want to make sure that when you run a container, it's really the container you want to run and not a rogue package."

"In many ways, Black Duck is successful as a marketing company, much like polygraph merchants (among other popular scams like homeopathy)."It sounds good on the surface, but is a proprietary dependence healthy in the long term? Based on Vaughan-Nichols, this isn't a short-term engagement. "In the long run," he explains (writing from Red Hat's town), "the companies plan to include Black Duck technologies as a component of Red Hat's container certification."

There are some lazy publications that ended up throwing the self-promotional promotional press release around. The Indian English-speaking press sort of rewrote the press release to make it look more original. Where are the sceptics? Where is the genuine reporting? All we see are puff pieces that relay claims made in a press release.

In many ways, Black Duck is successful as a marketing company, much like polygraph merchants (among other popular scams like homeopathy). ⬆