Another Black Duck in the making? Security FUD from a firm established by champions of back doors.

Summary: Another company whose business model is monetising (and thus often enhancing) fear, uncertainty and doubt (FUD) over Free/Open Source software (FOSS) and this one too comes from Microsoft

THIS trend has grown rather tiresome. Every now and then we see Microsoft's tentacles reaching out for areas in FOSS where there is an opportunity to badmouth FOSS. They turn Microsoft's anti-FOSS rhetoric into their business model. They institutionalise it.

"Another Microsoft guy creates a company that says Free software is not secure and needs some proprietary software 'medicine'."Based on a new press release in its various forms/variations [1, 2, 3], we may have yet another OpenLogic or Black Duck in our hands. Another Microsoft guy creates a company that says Free software is not secure and needs some proprietary software 'medicine'.

SourceClear is not even known (we never heard of it, it seemingly came out of nowhere), it's a very young firm, and immediately it receives a lot of money and even promotional coverage from the News Corp.-owned Wall Street Journal, which is a Microsoft-friendly publication. The first sentence provides the background one needs to be aware of:

Mark Curphey worked to stamp out software bugs for about a decade as head of the security tools team at Microsoft Corp. and in several other jobs before he realized that the problem was getting worse instead of better.

To quote Gordon B-P: '"Worked at MS bugs for a decade" - didn't do a very good job there then. What makes him think he'll be able to "secure" OSS?'

Jordan Novet, who is a promoter of Microsoft as we noted the other day, covered this as well, using bug branding such as "Heartbleed", coined by a company which is strongly connected to Microsoft. “It turns out that lots of other [FOSS] libraries have exactly the same issues but have not been reported,” Novet quotes Curphey, whom he describes as "previously a former principal group program manager inside Microsoft’s developer division. [...] SourceClear started in Seattle in 2013..."

“SourceClear started in Seattle in 2013...”
      --Jordan NovetWith OpenLogic, Black Duck, Codenomicon and various other Microsoft-connected (often created by Microsoft people and/or managed by Microsoft people) firms that badmouth FOSS we sure expect SourceClear to be no exception. They serve to distract from the built-in and intentional insecurities of proprietary software such as Windows, including quite famously Vista 10 where back doors are an understatement because everything is recorded and broadcast (total remote surveillance), even without a breach or an access through the back doors.

Microsoft cannot produce secure code because 'national security', i.e. many back doors, are a design goal. It helps Microsoft establish a 'special relationship' with the state and in fact it just got a contract from a highly notorious company, Taser [1].

Here we are in 2013 onwards -- a time when simple bugs in FOSS (a defect affecting one line or two) get all the limelight and receive names, logos etc. whereas Microsoft's critical zero-day flaws hardly make the headlines. There are many high-impact headlines that make a huge deal of fuss every time a security bug is found in Android (again, just in recent years). We suppose it's part of a PR campaign in which Microsoft and its partners evidently participate. They are often the ones who come up with the names, logos, and much of the accompanying negative publicity. ⬆

Related/contextual items from the news:

1. Microsoft Helping to Store Police Video From Taser Body Cameras

   Microsoft has joined forces with Taser to combine the Azure cloud platform with law enforcement management tools.
   
   [..]
   
   In order to ensure Taser maintains a monopoly on police body cameras, the corporation acquired contracts with police departments all across the nation for the purchase of body cameras through dubious ties to certain chiefs of police.