Bonum Certa Men Certa
Patients' Data at Risk as NHS Reinforces Its Microsoft/Accenture Stockholm Syndrome | Microsoft is Interjecting Itself Into GNU/Linux and Free Software News, Even Events and Foundations

The Unethical Business of Selling Fear of Free/Libre Software Bugs (Black Duck, Sonatype, and Symantec)

Snake oil



Summary: The spreading of fear of Free/Open Source software (FOSS) is now a growth industry, so proprietary opportunists are eager to capitalise on it, even if by distorting the truth

EARLIER THIS month some Black Duck publicity stunt fooled some journalists into promotion of Black Duck FUD. We saw that persisting until April 20th (one week ago), even in pro-FOSS sites (blogs) that did this days later. IDG made a slideshow out of it. Well, sadly, it cites Black Duck, which tries to sell proprietary software under the guise of Free software promotion.



In reality, Black Duck is not just selling fear of GPL violations -- the original 'product' which was 'sold' by this firm. It's a two-faced firm masquerading as pro-FOSS whilst attacking FOSS. Black Duck and Duck Duck Go both give a bad name to ducks. They pretend to be FOSS or at least openwash themselves (a lie) and they pretend to defend users (also a lie, they merely exploit or monetise users).

In other news, Sonatype reportedly compared FOSS to "Public Health Hazard". To quote one report: "That’s the assessment of Joshua Corman, CTO at Sonatype, who took to the stage at RSA 2015 to characterize insecure software as a kind of “cyber-asbestos,” widely deployed, inherently dangerous, and eventually carrying an astronomical cost in terms of human suffering and cost to clean up because …we just didn’t know how dangerous it was at the time when we embraced it."

So Sonatype is again on an anti-Free software binge. It is not the first time (see examples in [1, 2, 3, 4]) and it is easy to see why it is doing this. It's trying to sell its products, which are nothing to do with Free software. Sonatype's track record of FOSS FUD is expanding and may one day rival the Microsoft-connected Symantec, which continues its FUD campaign against Android, generating misleading headlines such as "One in Five Android Apps Is Malware" in this case. When people install software from Google Play, then there is virtually no risk, but don't expect Symantec to properly analyse this. Symantec sells insecurity. To quote the misleading article: "According to Symantec’s latest Internet Security Threat Report, “17 percent of all Android apps (nearly one million total) were actually malware in disguise.” In 2013, Symantec uncovered roughly 700,000 virus-laden apps."

But where are they found? Are any accessible to most Android users? No, so Symantec is defining it wrongly and framing the issue by saying that many applications' "primary purpose is to bombard you with ads." That's not malware, but they made up a new word.

Google has already responded mostly by removing apps with too many ads (that's not malware) and saying that Android "antivirus" is snake oil, as Google said before (responding to the likes of Symantec several years ago).

Android now has an industry of snake oil around it because there is a lot of market share there. The same can be said about FOSS, which is why Black Duck and Sonatype are busy badmouthing security aspects of it. They're all just looking for a quick buck; FUD and reputation damage to FOSS are "collateral damage".

Patients' Data at Risk as NHS Reinforces Its Microsoft/Accenture Stockholm Syndrome | Microsoft is Interjecting Itself Into GNU/Linux and Free Software News, Even Events and Foundations

Recent Techrights' Posts

Legal Letters Are Not Postcards
It seems like intimidation, nothing more
European Patent Office (EPO) Strikes Persist, EPO Management Tries to Give False Impression of "Happy Staff"
EPO is trying to broadcast to the world a totally phony image of itself
The End of FOSSPost (fosspost.org), It Has become an LLM Slopfarm Like FOSSLinux
These sites will never get lucky with slop. These experiments always end badly.
 
Links 23/05/2026: Social Media Bans and Demise of Userbase of LLM Chatbots
Links for the day
SLAPP Censorship - Part 85 Out of 200: The United Kingdom's Rating for Press Freedom Has Improved, But We Can Do Even Better
we see the US at #64
Sites Realise That Becoming More Active by Using Bots (LLM Slop) is Self-Destructive
We'll soon (maybe next year) also show that some of the 85+ KG of legal papers sent our way are computer-generated garbage, which might run afoul of some rules
Gemini Links 23/05/2026: Patience, LLM Chatbts Being Bad, and Unexpected Computer Surgery
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 22, 2026
IRC logs for Friday, May 22, 2026
Links 22/05/2026: Ebola Crisis and Samsung Averts a Walkout With Big Bonuses
Links for the day
Links 22/05/2026: Inflation Fears and Thailand Tightens Visa Rules for Tourists From Dozens of Nations
Links for the day
EPO Staff Representation Speaks of This Week's Discussion With the EPO's Budget and Finance Committee (BFC) Amid Mass Strikes
The Central Staff Committee's outline (prepared in a rush) or the "flash report"
SLAPP Censorship - Part 84 Out of 200: New Legislation Against SLAPPs on the Way (After We Reached Out to Ministers)
They dealt with the matter individually too, but we won't share this in public, at least not at this time
The Corrupt Lecture the Non-Corrupt - Part XXX - Where Was "The Ethics and Compliance Team" When the Family of EPO President Campinos Was Caught Doing Cocaine?
It remains to be seen if national delegates will tolerate this in future meetings
Gemini Links 22/05/2026: Esperanto Music History, Suspicious Adoption of Signal, and Unauthorised LLM Slop in Code
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, May 21, 2026
IRC logs for Thursday, May 21, 2026
Links 21/05/2026: "Declining America" and Why Slop 'Code' is Made to Fail
Links for the day
Techrights and Tux Machines Subjected to Cyberattacks for Several Weeks
In the past I spoke to the cybercrime unit of British Police. Maybe it's time to do so again.
The Register MS Has Become a 'Content' Farm Promoting Slop for Hostile Corporations
Now they call it "PARTNER CONTENT" - not "SPONSORED" - as if semantics make the difference
Latest Example of Widespread Fake Assertions (False News) About "Hey Hi"
The false narrative of "Hey Hi layoffs"
Links 21/05/2026: Facebook Rewarded With Tax Breaks to Destroy the Environment and Cause Global Warming, Shortages, Pollution; SpaceX (SPCX) Continues Losing Billions of Dollars
Links for the day
Codecs and Software Patents - Part VIII - GNU Audio/Video Team Has Chosen the AV1 Video Codec and It Explains Why (They've Researched Their Options)
AV1 video codec will be used to encode and share GNU videos online
Dr. Stallman Helps Establish Free Software Advocacy Outside the Free Software Foundation (FSF) as Well
The ideals or principles of Free Software needn't be centralised or monopolised; they can be federated
22 Years of Tux Machines and a Community Stronger Than Ever Before
We've already received some feedback from the community and improved it accordingly
Microsoft Under Investigation for Breaches of Law in the UK
Just like the Microsofters
More Microsoft Layoffs on the Way (June and July 2026)
with or without PIPs
LWN Sponsored by the Linux Foundation (Monopolies)
We must be able to casually point this out
The Corrupt Lecture the Non-Corrupt - Part XXIX - European Patent Office (EPO) Tells Staff "Speaking up" is Good, But Not When the "Brother-in-law" of EPO's President Does Cocaine
Do we still have a functioning democracy and potent press?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, May 20, 2026
IRC logs for Wednesday, May 20, 2026
Gemini Links 21/05/2026: Immigration, Slop, and Slop 'Code' Suggestions Infesting Code Repositories
Links for the dayGemini Links 21/05/2026: Immigration, Slop, and Slop 'Code' Suggestions Infesting Code Repositories