Bonum Certa Men Certa

Unverified Claim: Sam Ransbotham's Belittling of Free/Libre Software Funded by Microsoft

Campus photos

Summary: "Open-Source Could Mean an Open Door for Hackers," says a new article from Robert Lemos, but the facts just don't add up and suspicions arise that Microsoft is in fact partly funding these claims

Two readers separately E-mailed us about a new article that looks too suspicious because it's flatly wrong. "This came up in the ACM daily email today," wrote one reader and another one writes: "Find out if there is any Microsoft connection"

"Apparently, this is another Microsoft-funded study bad-mouthing open source software," said the first reader. I asked: "Where can I see that it's Microsoft funded?"

"Even if that's not the case," he replied, "it has been characterized as a FUD attack."

"I didn't have time to investigate it myself," points out this first reader who cites Dana Blankenhorn and some of the comments we'll get to in a moment:

You don’t expect misleading FUD about open source from MIT’s Technology Review. But here it is.

The story is about a Boston College professor (and Georgia Tech grad — go Jackets) named Sam Ransbotham...

The misleading bit is the idea that open source vulnerabilities spread faster, and are exploited both sooner and with more force, than bugs in proprietary software.

It’s true, but it’s wrong to draw large conclusions from that.

In his work Ransbotham looked at a list of 883 known vulnerabilities and found 97 exploited over two years, 30 of them in open source. Attacks on open source were broader and moved faster than those on closed source.

The real story is a bit nastier. The biggest correlation Ransbotham found was not between open source and attack, but between the existence of a security signature and attacks.

Here is the original article. There is a comment titled "How Paid Studies Reflect Desires of Those Who Pay" and it says (emphasis in red is ours): "Paid studies are all notorious for proving that the sponsor of a study can usually get findings that support their desired outcome. Since this study is funded primarily by Microsoft, then the results should not be surprising. The article is not based on any outright deception or lies, simply on two levels of ignorance. First, the naivete and lack of programming expertise of the general audience who might accept these findings -- a response that no credible or responsible programmer would support, unless he or she also were a partisan MS loyalist. One must only read the weekly threat announcements of critical vulnerabilities in Microsoft and Adobe products, for example to realize that nothing could be more vulnerable than these highly vaunted proprietary products. The second level of ignorance relates to intrinsic security permissions in most UNIX/LINUX operating systems versus that of Microsoft Windows, including Windows Seven. Most of the worlds secure servers are all running on some UNIX based OS, not Windows, for matters of security and reliability -- they are running Solaris, UNIX, or some flavor of LINUX. And this has everything to do with inherent security permissions for the Root user account, versus the "administrative permissions" in Windows that always leave a number of little windows, shutters, back doors and ports wide open to attack, and ability to modify critical registry entries in the Windows OS. There is no "registry" to attack in UNIX, Solaris or LINUX, and nothing can modify a Root file unless it is a live password protected Root User. Autorun scripts and VBS scripts cannot exploit these systems at all."

Another commenter claims an "advertisement coincidence" when s/he writes: "The advertisement for this article is for Microsoft Server. Coincidence? I think not."


Recent Techrights' Posts

Links 23/04/2024: US Doubles Down on Patent Obviousness, North Korea Practices Nuclear Conflict
Links for the day
Stardust Nightclub Tragedy, Unlawful killing, Censorship & Debian Scapegoating
Reprinted with permission from Daniel Pocock
Europe Won't be Safe From Russia Until the Last Windows PC is Turned Off (or Switched to BSDs and GNU/Linux)
Lives are at stake
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 23, 2024
IRC logs for Tuesday, April 23, 2024
[Meme] EPO: Breaking the Law as a Business Model
Total disregard for the EPO to sell more monopolies in Europe (to companies that are seldom European and in need of monopoly)
The EPO's Central Staff Committee (CSC) on New Ways of Working (NWoW) and “Bringing Teams Together” (BTT)
The latest publication from the Central Staff Committee (CSC)
Volunteers wanted: Unknown Suspects team
Reprinted with permission from Daniel Pocock
Debian trademark: where does the value come from?
Reprinted with permission from Daniel Pocock
Detecting suspicious transactions in the Wikimedia grants process
Reprinted with permission from Daniel Pocock
Gunnar Wolf & Debian Modern Slavery punishments
Reprinted with permission from Daniel Pocock
On DebConf and Debian 'Bedroom Nepotism' (Connected to Canonical, Red Hat, and Google)
Why the public must know suppressed facts (which women themselves are voicing concerns about; some men muzzle them to save face)
Several Years After Vista 11 Came Out Few People in Africa Use It, Its Relative Share Declines (People Delete It and Move to BSD/GNU/Linux?)
These trends are worth discussing
Canonical, Ubuntu & Debian DebConf19 Diversity Girls email
Reprinted with permission from
Links 23/04/2024: Escalations Around Poland, Microsoft Shares Dumped
Links for the day
Gemini Links 23/04/2024: Offline PSP Media Player and OpenBSD on ThinkPad
Links for the day
Amaya Rodrigo Sastre, Holger Levsen & Debian DebConf6 fight
Reprinted with permission from
DebConf8: who slept with who? Rooming list leaked
Reprinted with permission from
Bruce Perens & Debian: swiping the Open Source trademark
Reprinted with permission from
Ean Schuessler & Debian SPI OSI trademark disputes
Reprinted with permission from
Windows in Sudan: From 99.15% to 2.12%
With conflict in Sudan, plus the occasional escalation/s, buying a laptop with Vista 11 isn't a high priority
Anatomy of a Cancel Mob Campaign
how they go about
[Meme] The 'Cancel Culture' and Its 'Hit List'
organisers are being contacted by the 'cancel mob'
Richard Stallman's Next Public Talk is on Friday, 17:30 in Córdoba (Spain), FSF Cannot Mention It
Any attempt to marginalise founders isn't unprecedented as a strategy
IRC Proceedings: Monday, April 22, 2024
IRC logs for Monday, April 22, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Don't trust me. Trust the voters.
Reprinted with permission from Daniel Pocock
Chris Lamb & Debian demanded Ubuntu censor my blog
Reprinted with permission from
Ean Schuessler, Branden Robinson & Debian SPI accounting crisis
Reprinted with permission from
William Lee Irwin III, Michael Schultheiss & Debian, Oracle, Russian kernel scandal
Reprinted with permission from
Microsoft's Windows Down to 8% in Afghanistan According to statCounter Data
in Vietnam Windows is at 8%, in Iraq 4.9%, Syria 3.7%, and Yemen 2.2%
[Meme] Only Criminals Would Want to Use Printers?
The EPO's war on paper
EPO: We and Microsoft Will Spy on Everything (No Physical Copies)
The letter is dated last Thursday
Links 22/04/2024: Windows Getting Worse, Oligarch-Owned Media Attacking Assange Again
Links for the day
Links 21/04/2024: LINUX Unplugged and 'Screen Time' as the New Tobacco
Links for the day
Gemini Links 22/04/2024: Health Issues and Online Documentation
Links for the day
What Fake News or Botspew From Microsoft Looks Like... (Also: Techrights to Invest 500 Billion in Datacentres by 2050!)
Sededin Dedovic (if that's a real name) does Microsoft stenography
Stefano Maffulli's (and Microsoft's) Openwashing Slant Initiative (OSI) Report Was Finalised a Few Months Ago, Revealing Only 3% of the Money Comes From Members/People
Microsoft's role remains prominent (for OSI to help the attack on the GPL and constantly engage in promotion of proprietary GitHub)
[Meme] Master Engineer, But Only They Can Say It
One can conclude that "inclusive language" is a community-hostile trolling campaign
[Meme] It Takes Three to Grant a Monopoly, Or... Injunction Against Staff Representatives
Quality control
[Video] EPO's "Heart of Staff Rep" Has a Heartless New Rant
The wordplay is just for fun
An Unfortunate Miscalculation Of Capital
Reprinted with permission from Andy Farnell
[Video] Online Brigade Demands That the Person Who Started GNU/Linux is Denied Public Speaking (and Why FSF Cannot Mention His Speeches)
So basically the attack on RMS did not stop; even when he's ill with cancer the cancel culture will try to cancel him, preventing him from talking (or be heard) about what he started in 1983
Online Brigade Demands That the Person Who Made Nix Leaves Nix for Not Censoring People 'Enough'
Trying to 'nix' the founder over alleged "safety" of so-called 'minorities'
[Video] Inauthentic Sites and Our Upcoming Publications
In the future, at least in the short term, we'll continue to highlight Debian issues
List of Debian Suicides & Accidents
Reprinted with permission from
Jens Schmalzing & Debian: rooftop fall, inaccurately described as accident
Reprinted with permission from
[Teaser] EPO Leaks About EPO Leaks
Yo dawg!
On Wednesday IBM Announces 'Results' (Partial; Bad Parts Offloaded Later) and Red Hat Has Layoffs Anniversary
There's still expectation that Red Hat will make more staff cuts
IBM: We Are No Longer Pro-Nazi (Not Anymore)
Historically, IBM has had a nazi problem
Bad faith: attacking a volunteer at a time of grief, disrespect for the sanctity of human life
Reprinted with permission from Daniel Pocock
Bad faith: how many Debian Developers really committed suicide?
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 21, 2024
IRC logs for Sunday, April 21, 2024
A History of Frivolous Filings and Heavy Drug Use
So the militant was psychotic due to copious amounts of marijuana
Bad faith: suicide, stigma and tarnishing
Reprinted with permission from Daniel Pocock
UDRP Legitimate interests: EU whistleblower directive, workplace health & safety concerns
Reprinted with permission from Daniel Pocock