The Unethical Business of Selling Fear of Free/Libre Software Bugs (Black Duck, Sonatype, and Symantec)

Dr. Roy Schestowitz

2015-04-27 09:02:52 UTC
Modified: 2015-04-27 09:02:52 UTC

Snake oil

Summary: The spreading of fear of Free/Open Source software (FOSS) is now a growth industry, so proprietary opportunists are eager to capitalise on it, even if by distorting the truth

EARLIER THIS month some Black Duck publicity stunt fooled some journalists into promotion of Black Duck FUD. We saw that persisting until April 20th (one week ago), even in pro-FOSS sites (blogs) that did this days later. IDG made a slideshow out of it. Well, sadly, it cites Black Duck, which tries to sell proprietary software under the guise of Free software promotion.

In reality, Black Duck is not just selling fear of GPL violations -- the original 'product' which was 'sold' by this firm. It's a two-faced firm masquerading as pro-FOSS whilst attacking FOSS. Black Duck and Duck Duck Go both give a bad name to ducks. They pretend to be FOSS or at least openwash themselves (a lie) and they pretend to defend users (also a lie, they merely exploit or monetise users).

In other news, Sonatype reportedly compared FOSS to "Public Health Hazard". To quote one report: "That’s the assessment of Joshua Corman, CTO at Sonatype, who took to the stage at RSA 2015 to characterize insecure software as a kind of “cyber-asbestos,” widely deployed, inherently dangerous, and eventually carrying an astronomical cost in terms of human suffering and cost to clean up because …we just didn’t know how dangerous it was at the time when we embraced it."

So Sonatype is again on an anti-Free software binge. It is not the first time (see examples in [1, 2, 3, 4]) and it is easy to see why it is doing this. It's trying to sell its products, which are nothing to do with Free software. Sonatype's track record of FOSS FUD is expanding and may one day rival the Microsoft-connected Symantec, which continues its FUD campaign against Android, generating misleading headlines such as "One in Five Android Apps Is Malware" in this case. When people install software from Google Play, then there is virtually no risk, but don't expect Symantec to properly analyse this. Symantec sells insecurity. To quote the misleading article: "According to Symantec’s latest Internet Security Threat Report, “17 percent of all Android apps (nearly one million total) were actually malware in disguise.” In 2013, Symantec uncovered roughly 700,000 virus-laden apps."

But where are they found? Are any accessible to most Android users? No, so Symantec is defining it wrongly and framing the issue by saying that many applications' "primary purpose is to bombard you with ads." That's not malware, but they made up a new word.

Google has already responded mostly by removing apps with too many ads (that's not malware) and saying that Android "antivirus" is snake oil, as Google said before (responding to the likes of Symantec several years ago).

Android now has an industry of snake oil around it because there is a lot of market share there. The same can be said about FOSS, which is why Black Duck and Sonatype are busy badmouthing security aspects of it. They're all just looking for a quick buck; FUD and reputation damage to FOSS are "collateral damage". ⬆

Microsofters' SLAPP Censorship - Part 13 Out of 200: Abuse of Process to Make False Accusations of UKGDPR Violations: familiar barrister and same lawyers
What Puts the Brakes on GNU/Linux Adoption on Laptops and Desktops is Monopoly Control (or Monoculture) Over the Distros: Distros that adopt systemd are controlled by IBM and GAFAM
Layoffs in Twitter, Facebook, and Microsoft's LinkedIn: There are silent layoffs at Microsoft this month
We Don't Depend on Google and Don't Care for Google: We have our own site search and we don't depend on Google to bring visits/visitors to us
Facebook Layoffs Due to Enormous Debt, Nothing to Do With "Hey Hi" Slop: The lies about "hey hi" in relation to layoffs will only contribute to further public resentment towards: 1) the media and 2) all the slop.
Links 15/03/2026: WB Games Montréal Undergoes Layoffs, "Swiss Reject Cuts to Public Broadcasting": Links for the day
Gemini Links 15/03/2026: Messages in Bottles and Audio Streaming in Lagrange for Android: Links for the day
Thrown Under the Microsoft Bus: Microsoft wants disposable contractors
Quitting IBM and "Rumors of an Upcoming RA [Mass Layoffs] in April 2026": Blue layoffs or "RAs" were confirmed upfront by the CFO
GNU/Linux Distro Builders Barely Paid Enough to Pay Basic Bills, Chief of "Linux" Foundation (Not Even Using Linux!) Increases His Own Salary by Over 50% in 5 Years: Salaries or compensation correlate with the ability to exploit people, not to create things
The "Zero-Sum" Fallacy: Fallacies like "zero-sum" - especially in the context of foreign affairs including war - are utterly ruinous
A Happy Birthday to Richard Stallman: Richard Stallman will turn 73
Jürgen Habermas is Dead, But the Politicised, Inherently Corrupt, Corporatised Court for Patents That He Inspired Is Not: In the news throughout the weekend
Mountains of Abuses of Process by Brett Wilson LLP on Behalf of Americans and Sometimes at the Expense of British Taxpayers: a virtual "limited liability"
linuxteck.com FUD by LLM Slop, ubuntupit.com Passes the Slop Baton: Unless they get back to doing long-form authentic articles, as opposed to slop, no good will come out of it
Links 15/03/2026: New Shortages, Lynx Populations Depletion: Links for the day
Sruthi Chandran & Debian Diversity, Favoritism, Hidden Conflicts of Interest: Reprinted with permission from Daniel Pocock
software in the public domain: Reprinted with permission from Alex Oliva
Links 15/03/2026: Slop "Bubble Driving Interest in Chip Alternatives" and Wildlife Erosion Reported: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, March 14, 2026: IRC logs for Saturday, March 14, 2026
Change of Address at the Hired Guns, Address Removed: Companies tend to alter their 'shell structure' in anticipation of major action
The Good IBM Managers Have Flown Away, All That's Left is the Book-Cooking Loyalists: IBM is just cheating the SEC and shareholders. This seems to be the only thing IBM's management is nowadays good at.
Microsofters' SLAPP Censorship - Part 12 Out of 200: Months Ahead of Serial Strangler From Microsoft Who Helped Double the Lawsuits (Funded by Third Parties) as 'Revenge' for Exposing Crimes: In 2024 I sat down and wrote about what had been done to me and to my wife
Crime Comes in Many Forms: apparently the SRA is OK with stranglers of women in America bullying the media in the UK
commandlinux.com, linuxteck.com, linuxiac.com, and linuxsecurity.com are Slopfarms With "Linux" in Their Domain Name: once readers realise they read slop they immediately lose interest
Links 14/03/2026: Adoption of Slop Has Killed BuzzFeed, Russia Sees "Economic Gain From Iran War": Links for the day
Patriotism is Conditional, If It's Unconditional, Then It's Like a Cult: My love for Software Freedom is only as strong as my love for Freedom of the Press
Links 14/03/2026: Mass Layoffs at Facebook ('Meta') and Sweeping Layoffs at Twitter (xAI), Social Control Media and Slop Are Only Debt: Links for the day
Wrong Time, Wrong Place (Digg): Kevin Rose and Alexis Ohanian can relaunch Digg.com, but we doubt it'll work "this time for real!"
Universities Became Bad Places for Work: What happened to academia?
Reporting New and Suppressed Information is What Journalism is All About: In the domain of Free software, there are very few sites out there that offer exclusive coverage on community affairs and there are many gagging/censorship attempts
The Limits of Speech and the Rationale of Limitations: it seems to be part of an international trend
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, March 13, 2026: IRC logs for Friday, March 13, 2026
Gemini Links 14/03/2026: Goodness, AD534 Multiplier Module, and Extroverts Online: Links for the day
Atlassian Corp: We're Doing Layoffs Because of "Hey Hi"; Wall Street: Atlassian Corp is Just a Failing Business: Don't ask "the media"
Microsofters' SLAPP Censorship - Part 11 Out of 200: Cannot Censor His Spouse, Accusations Are Repeated Today: He already has a history of threatening to sue gay people in America; he cannot take criticism too well
Price of Storage, Price of Energy... What Next?: EPO workers are going on strike because their salaries don't keep up with price increases and tech companies without connections in "the channel" face long delays, low availability, and high prices (no "bulk" purchases), which further solidifies monopolies.
Don't Forget Red Hat's RTO (Return-to-office) Layoffs: How many people still remember that Red Hat did the same thing?
Reminder: Microsoft silent Layoffs by RTO (Commute Time and Lack of Comfort/Work Satisfaction) Already in Effect This Year: It's difficult to measure how many employees have already "left on their own" due to the RTO policy
Founder of IBM Ventures Has Just Quit IBM: Some people leave IBM and many people 'leave' IBM
Signs of Impeding Mass Layoffs - Not Just Quiet Layoffs - at Microsoft: Beneath the surface there are waves of layoffs and even entire teams are let go
Career Science and Academia as Corporate Propaganda 'on Tap': article about surveillance
Veteran GNU/Linux Journalist Jack Wallen Tries Geminispace and Likes It: It'll turn 7 some time soon
Scheduled Maintenance Tonight: There will be similar work early next week
"Alternative to Microsoft Office" Must Use Free/Open Standards/Formats for Real Sovereignty: It would make sense for the EU to invest in its own workers and its own software projects, more so now that there are hostile countries both to the east and to the west
IBM Has No Clue How to Integrate Companies Like Red Hat: IBM is failing to respect this company's culture
Fake Articles From Sites With "Linux" in Their Name/Domain Name: we can at least hope that linuxteck.com made a decision to quit slop
Links 13/03/2026: New US Weapons for Taiwan, Pakistan Air Strikes Hit Kabul: Links for the day
Gemini Links 13/03/2026: Exhaustion and Smartphone Addiction: Links for the day
Friday the 13th & Debian Developers afraid to nominate in DPL elections: Reprinted with permission from Daniel Pocock
Links 13/03/2026: Chatbot "Pentagon Contract" (Bailout) and Secret Service Ditches Slop Pusher: Links for the day
When Everybody Has a Right/Access to An Attorney/Lawyer (But Some Get Funding From Malicious American Corporations to Spend a Million Dollars on Many Lawyers and Several Barristers): And send about 75 KG of legal papers to the residence of the "opponent"
European Qualifying Examination (EQE) Being Reduced to Pieces of Papers One Can Buy, Patent System Rapidly Losing Its Legitimacy: Welcome to the "new Europe"
Priorities in 2026: 2026 is an interesting year
Willis Towers Watson (WTW) Producing More Propaganda for EPO "Cocaine Communication Managers": The Local Staff Committee The Hague (LSCTH) has this new paper about Willis Towers Watson (WTW) and its annual EPO-sponsored propaganda, pretending all is well when things are clearly dire
Head of Microsoft Office and Microsoft 360 is Leaving Microsoft Amid Problems and Mass Layoffs: Microsoft is like a "legacy" company
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, March 12, 2026: IRC logs for Thursday, March 12, 2026
Gemini Links 13/03/2026: "Someone to Take Over Antenna" and Random Seed/RNG: Links for the day

The Unethical Business of Selling Fear of Free/Libre Software Bugs (Black Duck, Sonatype, and Symantec)

Recent Techrights' Posts