The Unethical Business of Selling Fear of Free/Libre Software Bugs (Black Duck, Sonatype, and Symantec)

Dr. Roy Schestowitz

2015-04-27 09:02:52 UTC
Modified: 2015-04-27 09:02:52 UTC

Snake oil

Summary: The spreading of fear of Free/Open Source software (FOSS) is now a growth industry, so proprietary opportunists are eager to capitalise on it, even if by distorting the truth

EARLIER THIS month some Black Duck publicity stunt fooled some journalists into promotion of Black Duck FUD. We saw that persisting until April 20th (one week ago), even in pro-FOSS sites (blogs) that did this days later. IDG made a slideshow out of it. Well, sadly, it cites Black Duck, which tries to sell proprietary software under the guise of Free software promotion.

In reality, Black Duck is not just selling fear of GPL violations -- the original 'product' which was 'sold' by this firm. It's a two-faced firm masquerading as pro-FOSS whilst attacking FOSS. Black Duck and Duck Duck Go both give a bad name to ducks. They pretend to be FOSS or at least openwash themselves (a lie) and they pretend to defend users (also a lie, they merely exploit or monetise users).

In other news, Sonatype reportedly compared FOSS to "Public Health Hazard". To quote one report: "That’s the assessment of Joshua Corman, CTO at Sonatype, who took to the stage at RSA 2015 to characterize insecure software as a kind of “cyber-asbestos,” widely deployed, inherently dangerous, and eventually carrying an astronomical cost in terms of human suffering and cost to clean up because …we just didn’t know how dangerous it was at the time when we embraced it."

So Sonatype is again on an anti-Free software binge. It is not the first time (see examples in [1, 2, 3, 4]) and it is easy to see why it is doing this. It's trying to sell its products, which are nothing to do with Free software. Sonatype's track record of FOSS FUD is expanding and may one day rival the Microsoft-connected Symantec, which continues its FUD campaign against Android, generating misleading headlines such as "One in Five Android Apps Is Malware" in this case. When people install software from Google Play, then there is virtually no risk, but don't expect Symantec to properly analyse this. Symantec sells insecurity. To quote the misleading article: "According to Symantec’s latest Internet Security Threat Report, “17 percent of all Android apps (nearly one million total) were actually malware in disguise.” In 2013, Symantec uncovered roughly 700,000 virus-laden apps."

But where are they found? Are any accessible to most Android users? No, so Symantec is defining it wrongly and framing the issue by saying that many applications' "primary purpose is to bombard you with ads." That's not malware, but they made up a new word.

Google has already responded mostly by removing apps with too many ads (that's not malware) and saying that Android "antivirus" is snake oil, as Google said before (responding to the likes of Symantec several years ago).

Android now has an industry of snake oil around it because there is a lot of market share there. The same can be said about FOSS, which is why Black Duck and Sonatype are busy badmouthing security aspects of it. They're all just looking for a quick buck; FUD and reputation damage to FOSS are "collateral damage". ⬆

We Don't Depend on Google and Don't Care for Google: We have our own site search and we don't depend on Google to bring visits/visitors to us
Facebook Layoffs Due to Enormous Debt, Nothing to Do With "Hey Hi" Slop: The lies about "hey hi" in relation to layoffs will only contribute to further public resentment towards: 1) the media and 2) all the slop.
Universities Became Bad Places for Work: What happened to academia?
Layoffs in Twitter, Facebook, and Microsoft's LinkedIn: There are silent layoffs at Microsoft this month
Change of Address at the Hired Guns, Address Removed: Companies tend to alter their 'shell structure' in anticipation of major action
The Good IBM Managers Have Flown Away, All That's Left is the Book-Cooking Loyalists: IBM is just cheating the SEC and shareholders. This seems to be the only thing IBM's management is nowadays good at.
Microsofters' SLAPP Censorship - Part 12 Out of 200: Months Ahead of Serial Strangler From Microsoft Who Helped Double the Lawsuits (Funded by Third Parties) as 'Revenge' for Exposing Crimes: In 2024 I sat down and wrote about what had been done to me and to my wife
Crime Comes in Many Forms: apparently the SRA is OK with stranglers of women in America bullying the media in the UK
commandlinux.com, linuxteck.com, linuxiac.com, and linuxsecurity.com are Slopfarms With "Linux" in Their Domain Name: once readers realise they read slop they immediately lose interest
Links 14/03/2026: Adoption of Slop Has Killed BuzzFeed, Russia Sees "Economic Gain From Iran War": Links for the day
Patriotism is Conditional, If It's Unconditional, Then It's Like a Cult: My love for Software Freedom is only as strong as my love for Freedom of the Press
Links 14/03/2026: Mass Layoffs at Facebook ('Meta') and Sweeping Layoffs at Twitter (xAI), Social Control Media and Slop Are Only Debt: Links for the day
Wrong Time, Wrong Place (Digg): Kevin Rose and Alexis Ohanian can relaunch Digg.com, but we doubt it'll work "this time for real!"
Reporting New and Suppressed Information is What Journalism is All About: In the domain of Free software, there are very few sites out there that offer exclusive coverage on community affairs and there are many gagging/censorship attempts
The Limits of Speech and the Rationale of Limitations: it seems to be part of an international trend
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, March 13, 2026: IRC logs for Friday, March 13, 2026
Gemini Links 14/03/2026: Goodness, AD534 Multiplier Module, and Extroverts Online: Links for the day
Atlassian Corp: We're Doing Layoffs Because of "Hey Hi"; Wall Street: Atlassian Corp is Just a Failing Business: Don't ask "the media"
Microsofters' SLAPP Censorship - Part 11 Out of 200: Cannot Censor His Spouse, Accusations Are Repeated Today: He already has a history of threatening to sue gay people in America; he cannot take criticism too well
Price of Storage, Price of Energy... What Next?: EPO workers are going on strike because their salaries don't keep up with price increases and tech companies without connections in "the channel" face long delays, low availability, and high prices (no "bulk" purchases), which further solidifies monopolies.
Don't Forget Red Hat's RTO (Return-to-office) Layoffs: How many people still remember that Red Hat did the same thing?
Reminder: Microsoft silent Layoffs by RTO (Commute Time and Lack of Comfort/Work Satisfaction) Already in Effect This Year: It's difficult to measure how many employees have already "left on their own" due to the RTO policy
Founder of IBM Ventures Has Just Quit IBM: Some people leave IBM and many people 'leave' IBM
Signs of Impeding Mass Layoffs - Not Just Quiet Layoffs - at Microsoft: Beneath the surface there are waves of layoffs and even entire teams are let go
Career Science and Academia as Corporate Propaganda 'on Tap': article about surveillance
Veteran GNU/Linux Journalist Jack Wallen Tries Geminispace and Likes It: It'll turn 7 some time soon
Scheduled Maintenance Tonight: There will be similar work early next week
"Alternative to Microsoft Office" Must Use Free/Open Standards/Formats for Real Sovereignty: It would make sense for the EU to invest in its own workers and its own software projects, more so now that there are hostile countries both to the east and to the west
IBM Has No Clue How to Integrate Companies Like Red Hat: IBM is failing to respect this company's culture
Fake Articles From Sites With "Linux" in Their Name/Domain Name: we can at least hope that linuxteck.com made a decision to quit slop
Links 13/03/2026: New US Weapons for Taiwan, Pakistan Air Strikes Hit Kabul: Links for the day
Gemini Links 13/03/2026: Exhaustion and Smartphone Addiction: Links for the day
Friday the 13th & Debian Developers afraid to nominate in DPL elections: Reprinted with permission from Daniel Pocock
Links 13/03/2026: Chatbot "Pentagon Contract" (Bailout) and Secret Service Ditches Slop Pusher: Links for the day
When Everybody Has a Right/Access to An Attorney/Lawyer (But Some Get Funding From Malicious American Corporations to Spend a Million Dollars on Many Lawyers and Several Barristers): And send about 75 KG of legal papers to the residence of the "opponent"
European Qualifying Examination (EQE) Being Reduced to Pieces of Papers One Can Buy, Patent System Rapidly Losing Its Legitimacy: Welcome to the "new Europe"
Priorities in 2026: 2026 is an interesting year
Willis Towers Watson (WTW) Producing More Propaganda for EPO "Cocaine Communication Managers": The Local Staff Committee The Hague (LSCTH) has this new paper about Willis Towers Watson (WTW) and its annual EPO-sponsored propaganda, pretending all is well when things are clearly dire
Head of Microsoft Office and Microsoft 360 is Leaving Microsoft Amid Problems and Mass Layoffs: Microsoft is like a "legacy" company
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, March 12, 2026: IRC logs for Thursday, March 12, 2026
Gemini Links 13/03/2026: "Someone to Take Over Antenna" and Random Seed/RNG: Links for the day
By Expanding to Advocacy of Ponzi Schemes and Bill Epsteingate (Sex Trafficking), Linux Foundation Revenue Grew to $220,730,594, But Salary of Linus Torvalds Not Even in Top 10 Anymore!: true!
In the Name of Transparency, Today We Show Our Defence and Counterclaim: already uploaded by the other side
IBM Cannot Even Do Payroll, Now a "Legitimate Target" of Iran: Missiles or not, it seems like IBM systems will be targeted more by cybercriminals
Links 12/03/2026: Heating Bills to Soar, "Banks in Gulf Evacuate Their Offices": Links for the day
Gemini Links 12/03/2026: On Phone Anxiety and Bjorn "Looking for Someone to Take Over Antenna": Links for the day
Cultification: best candidates avoiding Debian leader elections: Reprinted with permission from Daniel Pocock
Richard Stallman (RMS) et al Cited in 'Nature' (Journal/Site) Today, "CODE beyond FAIR": Under Open Access
The Register MS, on Verge of Collapse, Keeps Promoting a Ponzi Scheme for China: Publishers that participate in this simply don't care about their readers
Overview of False Narratives and Lies Used to Lower Salaries at the European Patent Office (EPO), Abandoning Patent Quality and the EPC: Many of the latter slides are the same as Munich's
Links 12/03/2026: Atlassian Layoffs, GAFAN Covering up Slop-Induced Outages, "Age-verification in Operating Systems and the Internet": Links for the day
The EPO's President, Who Covers Up Cocaine Use, is Trying to Suppress Communication Between EPO Staff Under the Guise of 'Privacy' (and in Defiance of a Court Ruling): Why does Europe's second-largest institution: 1) curtail communication among staff (including union) and 2) go out of its way to avoid obeying a court order from ILOAT in Geneva?
Exactly One Week Before Next EPO Strike, Media Intentionally Not Mentioning EPO Strikes: One form of propaganda technique/s involves the systematic suppression of certain topics, or of particular "narratives"
Microsofters' SLAPP Censorship - Part 10 Out of 200: Showing Public Tweets is Not a Privacy Violation, But This Isn't About Justice, It's About Censorship: It's time to put a stop to this abuse of process (which is what the Judge deemed it to be last year)
Suicide of disgruntled employee? Bus fire at Kerzers / Chiètres, Switzerland, at least six dead: Reprinted with permission from Daniel Pocock
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 11, 2026: IRC logs for Wednesday, March 11, 2026
Gemini Links 12/03/2026: "on Urbit" and the True Cost (or Criticism) of "Social Control Media": Links for the day

The Unethical Business of Selling Fear of Free/Libre Software Bugs (Black Duck, Sonatype, and Symantec)

Recent Techrights' Posts