Bonum Certa Men Certa

Pulling an SCO Using Security Firms?

The Fortify "Get the Facts" campaign (against Free software) was only mentioned very briefly here. It came in the form of a warning (it was also included in some link digests).



Security companies are funny creatures because they naturally love insecure software. They love breaking software apart and fear means business to them. Lying is never a problem, no matter the consequences. Moreover, Free software, which is inherently more secure, is a true danger to the business model of security agents, so they fight without tact or mercy [1, 2, 3].

Some concerned people, such as Sean at Internet News, truly wondered what Fortify had in mind. Why would it attack Free software so suddenly? Groklaw found this one, which is merely a possibility, not an explantion. It's a vanity page bearing the headline: "FORTIFY-MICROSOFT ALLIANCE."

Microsoft and Fortify Software are enabling software developers and testers to build and deliver more secure applications. Visual Studio 2005 Team Edition for Software Testers offers an easy-to-use yet powerful framework for testing. Fortify leverages this infrastructure and adds Web application security testing capabilities. The combination of the two effectively brings basic security testing out of the realm of specialized experts and into the hands of software testers. In addition, Fortify provides its award-winning source code analysis capabilities to Visual Studio Team Edition for Developers so security flaws discovered in development and testing can be diagnosed and fixed quickly. Working closely with the Visual Studio team has enabled Fortify Software to incorporate its innovative software security capabilities within the powerful Visual Studio


Groklaw adds: "Yes, folks. This partner of Microsoft is the same Fortify Software that put out that "study" that concluded that "Open Source" (but actually only Java) is risky." It smells like a case of fitting data to an hypothesis and a sensationalist conclusion, and at the same time hitting two rivals of Microsoft: Java and Free software.

They didn't assess proprietary equivalents. They wanted to encourage businesses to buy products from them. Furthermore, according to this, once/if you looked closely, you would find that proprietary products were shown to be more -- not less -- defective than Free software. So what has Fortify really proven?

Her main points:

1. There are other security toolkits other than Fortify. Just because you don’t use their system doesn’t mean you don’t care. 2. When reading vendor-sponsored studies consider the source. Always a wise move. 3. Open source projects in Fortify’s Open Review report fewer defects per thousand lines of code than proprietary products in the same review. I didn’t know that.


Fortify may also have some junk software patents, such as this one on "security testing".

Fortify SCA helps security, testing and development teams pinpoint and eliminate security vulnerabilities in software applications. Fortify's patent-pending technology delivers the most accurate and reliable results with low false positives..


“There should really be an index somewhere to tell who's with who.”Watch who Fortify built an alliance with: Wipro, another Microsoft partner that's joint to it by the hip and lobbies for OOXML -- all against India's interests [1, 2, 3, 4, 5].

Fortify lives in a not-so-healthy neighbourhood of proprietary software companies that combat Free software and encourage software patents.

The apple doesn't fall so far from the tree.

With money on the table, there is no trust. Will you also believe OpenLogic and Black Duck, for example, despite being headed by former Microsoft employees? They sell open source fear. There should really be an index somewhere to tell who's with who. It would help tremendously.

Comments

Recent Techrights' Posts

Girlfriends, Sex, Prostitution & Debian at DebConf22, Prizren, Kosovo
Reprinted with permission from disguised.work
Martina Ferrari & Debian, DebConf room list: who sleeps with who?
Reprinted with permission from Daniel Pocock
Europe Won't be Safe From Russia Until the Last Windows PC is Turned Off (or Switched to BSDs and GNU/Linux)
Lives are at stake
Links 23/04/2024: US Doubles Down on Patent Obviousness, North Korea Practices Nuclear Conflict
Links for the day
Stardust Nightclub Tragedy, Unlawful killing, Censorship & Debian Scapegoating
Reprinted with permission from Daniel Pocock
 
Links 24/04/2024: Layoffs and Shutdowns at Microsoft, Apple Sales in China Have Collapsed
Links for the day
Sexism processing travel reimbursement
Reprinted with permission from disguised.work
Microsoft is Shutting Down Offices and Studios (Microsoft Layoffs Every Month This Year, Media Barely Mentions These)
Microsoft shutting down more offices (there have been layoffs every month this year)
Balkan women & Debian sexism, WeBoob leaks
Reprinted with permission from disguised.work
Links 24/04/2024: Advances in TikTok Ban, Microsoft Lacks Security Incentives (It Profits From Breaches)
Links for the day
Gemini Links 24/04/2024: People Returning to Gemlogs, Stateless Workstations
Links for the day
Meike Reichle & Debian Dating
Reprinted with permission from disguised.work
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 23, 2024
IRC logs for Tuesday, April 23, 2024
[Meme] EPO: Breaking the Law as a Business Model
Total disregard for the EPO to sell more monopolies in Europe (to companies that are seldom European and in need of monopoly)
The EPO's Central Staff Committee (CSC) on New Ways of Working (NWoW) and “Bringing Teams Together” (BTT)
The latest publication from the Central Staff Committee (CSC)
Volunteers wanted: Unknown Suspects team
Reprinted with permission from Daniel Pocock
Debian trademark: where does the value come from?
Reprinted with permission from Daniel Pocock
Detecting suspicious transactions in the Wikimedia grants process
Reprinted with permission from Daniel Pocock
Gunnar Wolf & Debian Modern Slavery punishments
Reprinted with permission from Daniel Pocock
On DebConf and Debian 'Bedroom Nepotism' (Connected to Canonical, Red Hat, and Google)
Why the public must know suppressed facts (which women themselves are voicing concerns about; some men muzzle them to save face)
Several Years After Vista 11 Came Out Few People in Africa Use It, Its Relative Share Declines (People Delete It and Move to BSD/GNU/Linux?)
These trends are worth discussing
Canonical, Ubuntu & Debian DebConf19 Diversity Girls email
Reprinted with permission from disguised.work
Links 23/04/2024: Escalations Around Poland, Microsoft Shares Dumped
Links for the day
Gemini Links 23/04/2024: Offline PSP Media Player and OpenBSD on ThinkPad
Links for the day
Amaya Rodrigo Sastre, Holger Levsen & Debian DebConf6 fight
Reprinted with permission from disguised.work
DebConf8: who slept with who? Rooming list leaked
Reprinted with permission from disguised.work
Bruce Perens & Debian: swiping the Open Source trademark
Reprinted with permission from disguised.work
Ean Schuessler & Debian SPI OSI trademark disputes
Reprinted with permission from disguised.work
Windows in Sudan: From 99.15% to 2.12%
With conflict in Sudan, plus the occasional escalation/s, buying a laptop with Vista 11 isn't a high priority
Anatomy of a Cancel Mob Campaign
how they go about
[Meme] The 'Cancel Culture' and Its 'Hit List'
organisers are being contacted by the 'cancel mob'
Richard Stallman's Next Public Talk is on Friday, 17:30 in Córdoba (Spain), FSF Cannot Mention It
Any attempt to marginalise founders isn't unprecedented as a strategy
IRC Proceedings: Monday, April 22, 2024
IRC logs for Monday, April 22, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Don't trust me. Trust the voters.
Reprinted with permission from Daniel Pocock
Chris Lamb & Debian demanded Ubuntu censor my blog
Reprinted with permission from disguised.work
Ean Schuessler, Branden Robinson & Debian SPI accounting crisis
Reprinted with permission from disguised.work
William Lee Irwin III, Michael Schultheiss & Debian, Oracle, Russian kernel scandal
Reprinted with permission from disguised.work
Microsoft's Windows Down to 8% in Afghanistan According to statCounter Data
in Vietnam Windows is at 8%, in Iraq 4.9%, Syria 3.7%, and Yemen 2.2%
[Meme] Only Criminals Would Want to Use Printers?
The EPO's war on paper
EPO: We and Microsoft Will Spy on Everything (No Physical Copies)
The letter is dated last Thursday
Links 22/04/2024: Windows Getting Worse, Oligarch-Owned Media Attacking Assange Again
Links for the day
Links 21/04/2024: LINUX Unplugged and 'Screen Time' as the New Tobacco
Links for the day
Gemini Links 22/04/2024: Health Issues and Online Documentation
Links for the day
What Fake News or Botspew From Microsoft Looks Like... (Also: Techrights to Invest 500 Billion in Datacentres by 2050!)
Sededin Dedovic (if that's a real name) does Microsoft stenography
Stefano Maffulli's (and Microsoft's) Openwashing Slant Initiative (OSI) Report Was Finalised a Few Months Ago, Revealing Only 3% of the Money Comes From Members/People
Microsoft's role remains prominent (for OSI to help the attack on the GPL and constantly engage in promotion of proprietary GitHub)
[Meme] Master Engineer, But Only They Can Say It
One can conclude that "inclusive language" is a community-hostile trolling campaign
[Meme] It Takes Three to Grant a Monopoly, Or... Injunction Against Staff Representatives
Quality control
[Video] EPO's "Heart of Staff Rep" Has a Heartless New Rant
The wordplay is just for fun
An Unfortunate Miscalculation Of Capital
Reprinted with permission from Andy Farnell
[Video] Online Brigade Demands That the Person Who Started GNU/Linux is Denied Public Speaking (and Why FSF Cannot Mention His Speeches)
So basically the attack on RMS did not stop; even when he's ill with cancer the cancel culture will try to cancel him, preventing him from talking (or be heard) about what he started in 1983
Online Brigade Demands That the Person Who Made Nix Leaves Nix for Not Censoring People 'Enough'
Trying to 'nix' the founder over alleged "safety" of so-called 'minorities'
[Video] Inauthentic Sites and Our Upcoming Publications
In the future, at least in the short term, we'll continue to highlight Debian issues
List of Debian Suicides & Accidents
Reprinted with permission from disguised.work
Jens Schmalzing & Debian: rooftop fall, inaccurately described as accident
Reprinted with permission from disguised.work
[Teaser] EPO Leaks About EPO Leaks
Yo dawg!
On Wednesday IBM Announces 'Results' (Partial; Bad Parts Offloaded Later) and Red Hat Has Layoffs Anniversary
There's still expectation that Red Hat will make more staff cuts
IBM: We Are No Longer Pro-Nazi (Not Anymore)
Historically, IBM has had a nazi problem
Bad faith: attacking a volunteer at a time of grief, disrespect for the sanctity of human life
Reprinted with permission from Daniel Pocock
Bad faith: how many Debian Developers really committed suicide?
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 21, 2024
IRC logs for Sunday, April 21, 2024
A History of Frivolous Filings and Heavy Drug Use
So the militant was psychotic due to copious amounts of marijuana
Bad faith: suicide, stigma and tarnishing
Reprinted with permission from Daniel Pocock
UDRP Legitimate interests: EU whistleblower directive, workplace health & safety concerns
Reprinted with permission from Daniel Pocock