The Shameless Campaign to Paint/Portray Free Software as Inherently Insecure, Using Brands, Logos, and Excessive, Selective Press Coverage

Dr. Roy Schestowitz

2015-07-01 10:39:02 UTC
Modified: 2015-07-01 10:39:02 UTC

Bugs
Image courtesy of Red Hat, demonstrating lack of correlation between severity and logos/brands

Summary: Some more FUD from firms such as Sonatype, which hope to make money by making people scared of Free/libre software

The corporate media is in the business of selling (for corporations), not informing. Advertising is the business model, as well as media 'partnerships' (euphemism for PR). Security firms too are in the business of selling, not informing. Misinformation often helps improve sales. We have already ranted quite a lot about media misdirection, designed to sell products or malign the competitors of those who try to sell unnecessary products. We must assume that this is happening because it has always been happening; it's just that it got a lot more frequent now that Free/libre is more widely used.

The other day IDG published some promotion of Veracode. To quote one paragraph: "The scale of the problem is significant. Cryptographic issues are the second most common type of flaws affecting applications across all industries, according to a report this week by application security firm Veracode."

This is not an independent security researcher; it is the Black Duck-connected Veracode (Black Duck came from Microsoft and VeraCode's co-founder recently joined Black Duck), which overlooks security issues with proprietary software. Veracode is not an objective observer; it is trying to sell something. Sonatype too, a nasty company which we wrote about before [1, 2, 3, 4, 5, 6], rears its ugly head in the media, in an article provocatively titled "Open-Source Code Can Be More Dangerous Than Useful".

So Sonatype has launched yet another FUD attack on Free software, using myths and rhetoric, capitalising on gullible 'journalists' who would print just about anything, along with clueless pasting of bugs with logos (for extra fear), no discussion about severe bugs in proprietary software, and many other issues. This article is relaying marketing from Sonatype and dramatises it even further. "It gets worse," says the writer, "according to Sonatype: Many of the software companies that have built insecurities right into their products wouldn't be able to tell which of their applications are affected by a known component flaw because of poor inventory practices."

Well, proprietary software deliberately adds flaws to act as secret back doors. How about that in the discussion? The article totally omits that. The article then adds some talking points from the FOSS-hostile Symantec, another company which tries to sell its proprietary software based on perceptions of insecurity.

Thankfully, there are a couple of comments there (below the article) that highlight the issues with the article; both are titled "Not only open source..."

As Free/libre software becomes more mainstream we should expect more parasites like Sonatype to look out for fools who are willing to do their marketing, monetising trash-talk. ⬆

No Slop Found in RSS Feeds, Only in Google News: No slopfarm will survive for very long, certainly it'll go bust as soon as readers (if it had any) know what it is
What the Solicitors Regulation Authority (SRA) and Action Fraud UK Have in Common: Don't let London become the world's "crime capital"
Dr. Andy Farnell on How GAFAM, NVIDIA and Others Lie to People Via the Sponsored Media to Prop Up Lies Under the Guise of "AI": Lots of key aspects are covered
Richard Stallman Gives Talk in 20 Hours at Ostschweizer Fachhochschule Campus in Rapperswil-Jona: The talk is in English
An American War on GNU/Linux, Software Freedom, and British Investigative, Science-Based Reporting - Part III - Very Strong Legal Basis for an Appeal: The case is now being escalated to a Foreign Secretary and former Deputy Prime Minister
Police investigations, lawsuits & Debian leader election candidate shortage: Reprinted with permission from Daniel Pocock
Richard Stallman (RMS) Has Defeated Cancel Culture, a Mostly American Phenomenon: RMS is talking now
Links 09/03/2026: Many Security Breaches and a Pandemic of Censorship: Links for the day
People Who Work or Worked at IBM Hate It: bluewashing is only the first step
Richard Stallman (RMS) Talks in 30 Minutes, Next Stop Bern (Last Stop): We assume he'll travel back to Boston after that
IBM's Fedora as a Booster of Slop Disguised as Code or Computer Programs: Maybe we should also stop seeing a doctor and instead ask chatbots about symptoms?
Richard Stallman (RMS) Talk Five Hours From Now: there is growing recognition for what he really did for everybody
EPO Strike 10 Days From Now, Planning Assembly Tomorrow, Last Couple of Strikes Had High Participation Rates (1,500-1,600 Staff Went on Strike): The next strike is in 10 days' time and then there will be another strike
Links 09/03/2026: GAFAM Outsourcing, "MAGA Political Meddling" in EU, Indonesia Bans Social Control Media for Children Under 16: Links for the day
Using Slop (and Slop in Articles) to Attack Copyleft 'on Budget': This article is pure BS from an anti-GPL and anti-RMS 'activist'
Why The Register MS Sold Out to Microsoft: They're Losing Lots of Money, The Register MS is Bleeding to Death, Based on Its Own Financial Records: With over 6 million pounds in debt (nearly 10 million US dollars) we guess it's likely some other company will take over the site (if it deems it worthwhile)
Microsofters' SLAPP Censorship - Part 7 Out of 200: Like With the Serial Strangler From Microsoft, Misuse of UK-GDPR to Try to Hide Embarrassing Facts: They do and say really bad things, then allege it's a "privacy violation" to mention those things
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, March 08, 2026: IRC logs for Sunday, March 08, 2026
Gemini Links 09/03/2026: Exponentials and Tailscale: Links for the day
Sloppyleft: Article by Alexandre Oliva
Hard to Replace 'Human Touch': The reason many people insist on using GNU
The Slop Companies Gamble at Our Economy's Expense and They Know It's a Losing Bet (So It's a de Facto Robbery): The crash of this bubble isn't just inevitable, it's already happening and receding sporadically because of false announcements about money that does not actually exist (to "buy time")
Suppressing Speech by Blackmail, the Iran Story: When Debian wanted to stage a seemingly legitimate election it needed to have more than one candidate running; so eventually the female partner of a geek rose to the challenge (had no coding skills at all, no technical history in Debian) and lost to the "incumbent German"
Too Focused on Buzzwords the Media is Paid to Saturate the Collective Mind With: Just because companies do really bad things in the digital realm does not imply "AI" or follow from "AI"
Discrimination and Prejudice Against Female Journalists: we can shame people who attack a reporter on the grounds of gender
An American War on GNU/Linux, Software Freedom, and British Investigative, Science-Based Reporting - Part II - Trying to Put People in Prison for Committing the Act of Journalism: This is abuse of process
Attack on Copyright and Copyleft by Code Conversion Is Nothing New, It Predates Slop (Code Produced by LLMs) by Several Decades: Even back in the 90s many people converted programs from one language to another. That could invalidate copyleft (and copyright), which already existed
Almost a Slopless Weekend for "Linux": Let's hope slop will come to an end or sites will cease linking to slop
Insiders Explain Why IBM is Dying and the Inherent Culture Problem: There are many ways to shave this IBM cat
Links 08/03/2026: Microsoft Lost $400 Million on "Project Blackbird" and Half the States Sue Over Illegal Tariffs: Links for the day
Links 08/03/2026: Cisco Holes Again and "Blatant Problem With OpenAI That Endangers Kids": Links for the day
Activism/Journalism in Our Blood: one must fight for one's principles
Gemini Protocol in Its Prime: What's particularly neat about Gemini Protocol is that it's fast and cheap
Microsofters' SLAPP Censorship - Part 6 Out of 200: Intentionally Misnaming Women, People Who Offered to Testify That They Too Had Been Subjected to Similar Abuse: Today it is International Women's Day
Even Fedora Leadership Cannot Figure Out the Microsoft Kill Switch/Back Door, 'Secure' Boot: It does not actually enhance security
Bruce Perens: Richard Stallman "Has Achieved His Goal": Stallman's next talk is tomorrow
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, March 07, 2026: IRC logs for Saturday, March 07, 2026
Gemini Links 07/03/2026: Buying Woodland, Indra 1.3.0 Available, and LLM Exhaustion: Links for the day
The Harder They Attempt to Take Down This Site (and Take Away Liberties), the More People Will See This Site: We'll carry on as usual, as from sunlight comes justice
An American War on GNU/Linux, Software Freedom, and British Investigative, Science-Based Reporting - Part I - A Matter of National Security: Those people are Americans who try to advance the interests of American corporations by weaponising courts abroad
Why They Always Try to Shoot the Messenger (When the Message Harms Profits): A matter of economics
Coinbase - Like Block - is in Huge Trouble, Its Debt Nearly Doubled in Half a Year: The real reason Block is collapsing is its debt
Starting Another New Series This Evening, It's About American Folly: today commences a series long in the making (years)
Nations Stand to Benefit From Gender Equality and Increased Participation by Women: International Women's Rights Day starts in about 6 hours in the UK
Microsoft is Losing It, Now It's Censoring Its Critics and Sceptics: Whether the measurements made by statCounter are accurate or not, the trends (long-term) typically make sense
WIRED (Conde Nast) Reviews Are Paid-for Marketing Spam, They Change Dates on Old 'Articles' to Make Them Look Relevant and New: The Web is fast becoming a burial ground for ads, trash, spam, and slop
Gemini Links 07/03/2026: Humour, Chilling, and Oversized 'Phones': Links for the day
Cyber|Show by Andy and Helen Recommended by Techrights and Tux Machines: If your time is limited and you look for informative essays and shows (audio)
Links 07/03/2026: CJEU to Finally Examine Behaviour of the Illegal and Unconstitutional Unified Patent Kangaroo Court, Creative Commons (CC) Hosts Open Heritage Statement Event in Amsterdam: Links for the day
Microsoft's Thailand Problem: It's definitely not Windows
New Lows for Microsoft in Micronesia: GNU/Linux has shown some growth there too
Microsofters' SLAPP Censorship - Part 5 Out of 200: Clearly Not a Security Professional/Expert, Only Ever Pretending to be One: "The Claimant says he is “a computer security expert”, but his background and his track record in the education sense (genetics) does not support this assertion."
Links 07/03/2026: Fuel Already Running Low and "Economic Crisis of the Iran War": Links for the day
The Corporate Media Repeated the Lies Told by Jack Dorsey ("AI" Hype), Now It Does the Same for Larry Ellison: Disregard the hundreds of headlines that say mass layoffs at Oracle are due to "AI" something
The Free Software Community is Gaining Momentum as Its Importance is More Broadly Realised: As long as "trendy" technology goes in a negative direction there will be a growing portion in society looking for alternatives
Spooking or Chasing Away Women (From Computer Science): The status quo discourages women from even trying to study Computer Science and related disciplines
"IBM Has Changed So Much in the Last Decade to the Point It's Completely Unrecognizable.": IBM is a dying, rotting company with a morbid culture
The Register MS, Sponsored by Communist Party of China (CPC): What will happen when the bubble crashes the economy?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, March 06, 2026: IRC logs for Friday, March 06, 2026
Gemini Links 07/03/2026: Coffee Problem, Marchintosh, Learning, and "Selectively Disabling HTTP": Links for the day

The Shameless Campaign to Paint/Portray Free Software as Inherently Insecure, Using Brands, Logos, and Excessive, Selective Press Coverage

Recent Techrights' Posts