"If Edward Snowden's NSA and GCHQ leaks taught us anything, it's that proprietary software is not secure and Free software should not tolerate proprietary blobs or hardware (e.g. in hard drives)."Sonatype should issue/produce a study on how many proprietary systems are not being patched. Or worse: say how many don't get fixed by the vendor; how many bits of proprietary software have severe flaws with never even fix issued? How many flaws are not being revealed to the public? See how Microsoft admits hiding flaws. What about back doors (intentional flaws)? Abandoned software with secret code is almost guaranteed to be Swiss cheese. These debates are mostly missing from corporate media. Only yesterday security guru Bruce Schneier wrote: "One of the biggest conceptual problems we have is that something is believed secure until demonstrated otherwise. We need to reverse that: everything should be believed insecure until demonstrated otherwise."
Glancing at another IDG piece from the past few days, it looks like there is agenda, maybe the editor's or publisher's (Microsoft and Apple are big clients, e.g. with advertising and IDC contracts). The piece is a one-sided attack on Free software security; flaws in Free software aren't any worse (or more in quantity) than in proprietary software, developers are just not hiding them. That's not hard to understand, is it? IDG likes to promote this 'New Illusion' of Free software being not secure (part of the latest FUD wave/strategy), using bugs with "branding" [1, 2, 3], irrespective or real severity.
If Edward Snowden's NSA and GCHQ leaks taught us anything, it's that proprietary software is not secure and Free software should not tolerate proprietary blobs or hardware (e.g. in hard drives). Don't let IDG change the consensus. Surely IDG has the budget to hire some technical journalists who can challenge myth makers, but would that ultimately suit the agenda and appease existing customers? ⬆