Lots of Coverage About FOSS Bugs, No Coverage About Intentional 'Bugs' (Back Doors) in Proprietary Software

Dr. Roy Schestowitz

2014-06-07 12:37:22 UTC
Modified: 2014-06-07 12:37:22 UTC

Bugs inside blobs are also serious bugs, and sometimes there by design

Bug

Summary: The increased media coverage of bugs in security-sensitive FOSS projects reveals lack of desire to cover much bigger threats, including back doors in proprietary software such as Windows

OpenSSL has been somewhat of a whipping boy of the technology press. One reason is, OpenSSL is widely used, but another is that it's known what the issues are (transparency) and the corporate media sure has agenda. We already gave the example of Dan Goodin, to whom security bugs are only news is they affect FOSS (here is his latest go at it) and now that GnuTLS bugs become public knowledge (after a public release with full source code) there is some more coverage that resembles what we found amid "Heartbleed" hype [1, 2, 3] (in both cases a firm with Microsoft connections claimed credit for other people's discoveries and trumpeted FUD in the press). One can expect the same from Microsoft-funded 'news' networks like IDG and ZDNet, which merely covers an already fixed bug. To quote the summary:

The security team behind the Debian distro are urging users to upgrade their Linux packages after patching a newly-found flaw in the Linux kernel.

This is not an unusual thing. Why it this suddenly front page news?

Notice the pattern. In all cases the bugs are already fixed (users just need to apply updates, unless they have already been applied automatically). This shows a strength of FOSS, not a weakness. The latest OpenSSL patches that we covered a couple of days ago (in daily links) don't relate to or amount to huge risk [1] and these are already patched [2]. The same goes for kernel bugs [3].

What we found highly disturbing here is that despite discoveries that companies like Apple and Microsoft facilitate the NSA with back doors (in secret code) we see an improportionate focus on every small bugfix in projects such as GnuTLS, OpenSSL, and Linux. Someone might be trying very hard to make the point that FOSS is the issue, not back doors which are very much included by design (and hidden in blobs). Reporters who cover bugs in FOSS but are never covering back doors in proprietary software ought to be challenged. Their bias (by omission) should be pointed out to them. ⬆

Related/contextual items from the news:

New OpenSSL breech is no Heartbleed, but needs to be taken seriously

OpenSSL Security Update now available for Fedora

Canonical Closes Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS

Microsoft Insiders: If You Don't Take the Lousy Severance-Like Offer, They'll PIP You Out (Microsoft Signals to People Over 40 That They'd Better Vacate the Place): Microsoft targets its most experienced (read: expensive) workers
"AI" 16 Times in One 'Article'. The Register MS Got Paid to Post This Spammy, Promotional Piece of Slop.: Pay closer attention to who pays and who gets paid
Links 27/04/2026: Chernobyl Disaster at 40, "Heartbreaking" Decline of Australia: Links for the day
Gemini Links 27/04/2026: Gopher Catchup, MNT Reform, and Injuries: Links for the day
Red Hat Circling Down the Slop Drain: IBM, governed by slop fanatics, is going to do a lot of damage
Slop is an Addiction, Its Users Find It Addictive: please do not tolerate people who slop
The Corrupt Lecture the Non-Corrupt - Part VII - Secrecy at the EPO (Regarding Cocaine and Nepotism) Has Undermined Trust in Management: If Europe's second-largest institution is run by the "Alicante Mafia", does this mean that other key European institutions are "Mafia"?
SLAPP Censorship - Part 59 Out of 200: Mentioning the Fact Alex Graveley Arrested and Charged for Strangulation in Texas is "Reckless" and "Malicious", According to His 'Hired Guns' in London: it was framed as "malicious"
Links 27/04/2026: Strikes, Corruption in Spain (Spanish PM Sanchez' Wife), and YouTuber Faces Jail Time: Links for the day
Gemini Links 27/04/2026: Gopher Catch-up, Year of Contentment, and Path to Freedom: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, April 26, 2026: IRC logs for Sunday, April 26, 2026
Journalistic Malpractice: Helping Microsoft Paint 'Voluntary' Layoffs (Before PIPs) as "Buyouts": What does this tell us about today's media?
The Man IBMers Regard or Already See as Likely Successor of Krishna (or Next CEO of IBM) is a Slop Fanatic: How dangerously misguided
The Corrupt Lecture the Non-Corrupt - Part VI - Management of the European Patent Office (EPO) Covered Up Cocaine Use, Even Colleagues Not Informed: the self-described "fu--ing president"
SLAPP Censorship - Part 58 Out of 200: 5RB and Brett Wilson LLP Helped Garrett and Graveley Make Equivalent of GAFAM NDAs Superficially 'Enforceable' in the UK, Using Threats: laziness results in many hours and high lawyers' fees
Who Controls Fedora? IBM and GAFAM.: Don't for a moment believe that IBM understands GNU/Linux. We are quite certain nobody in IBM's Board of Directors uses it.
State of Slop About GNU/Linux: As the incentive to publish is reduced (competing with slop is no fun), the effort/money invested in stories goes down
Links 26/04/2026: Korean Inflation, GLP-1 Drugs Linked to Cognitive Impairment, Lithuania's Public Broadcaster LRT Besieged: Links for the day
Hopefully Smooth Sailing in OS Upgrade: There are some contingencies at hand
Links 25/04/2026: "Horrible Economics of AI Are Starting to Come Crashing Down", More Restrictions Placed on Social Control Media: Links for the day
Getting Aggressive Suggestive of Loss - Part IV - Shutting Down My Existence: Would anyone out there tolerate such messages sent from burner accounts?
Gemini Links 26/04/2026: Gemini Movie Database (or GeminiMDB) and Star Trek III: Links for the day
Weeks Before Linux Removed Over 100,000 Lines of Code Due to Slop 'Bug Reports' Microsoft Paid 'Linux' Foundation to Advance Slop in the Name of 'Security': What can possible go wrong? Both for security and for stability.
Tracking Ages of People: To stay "safe" tell us your age
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, April 25, 2026: IRC logs for Saturday, April 25, 2026
"A single witness shall not rise up against a person regarding any wrongdoing or any sin that he commits; on the testimony of two or three witnesses a matter shall be confirmed." (Deuteronomy 19-21): The spouse of Garrett repeatedly points out that Garrett can barely code or can only do so very poorly
Rust People Sabotage Stability for the Sake of a Falsely-Promised 'Security': Set aside severe performance issues, poor handling of "edge cases", general bugs, lack of compatibility, and even crashes
SLAPP Censorship - Part 57 Out of 200: 5RB and Brett Wilson LLP Made the Garrett and Graveley Particulars of Claims a Lot Like Photocopies!: They seem very much irritated that I speak about this
Huge Strike at the European Patent Office (EPO) This Coming Friday (May 1st): International Worker’s day
Links 25/04/2026: Nokia Wins Embargo in Kangaroo Court Where Judges Are Salaried Nokia Staff (UPC), Allison Pearson Defamation Case (UK) Succeeds, Smokey Robinson and "Puff Daddy" (US) Fail: Links for the day
Gemini Links 25/04/2026: Weekly Echoes, Gemtext Tables, and Using Offpunk: Links for the day
Corporate Media Did Not Specify What Microsoft Means by "Buyouts" (Layoffs), It May Be Hardly Different From Severance: Time will tell, but investigative journalism hardly exists anymore, so we won't hold our breath
The Corrupt Lecture the Non-Corrupt - Part V - "Diversity" and "Inclusion" at EPO Means Sleeping With Sister of "Cocaine Communication Manager" and Making Them Millionaires: Remember that top applicants or key stakeholders of the EPO are already complaining about a lack of quality
Links 25/04/2026: Fake GAFAM Valuations (Gripping the Market Based on False Accounting), "Evidence Isn't Just for Research", and "Putin Defends Mobile Internet Outages": Links for the day
Dr. Andy Farnell on Why Calling Slop or Chaff "Hey Hi" (AI) Harm Us All, Except for "Ten or Twenty Rich Industrialists": "words to avoid"
Internet Trolls Likely Trying to Distract From the Demise of IBM, Problems With Red Hat: there seems to be trolling online aimed at suppressing discussion
Debian Upgrade Coming Up (Soon): Yesterday we contacted the datacentre staff about it
Getting Aggressive Suggestive of Loss - Part III - Threats From Burner Accounts Formally Treated as a Crime: Countries that cannot preserve freedom from self-censorship are countries where free press ultimately cannot prevail
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, April 24, 2026: IRC logs for Friday, April 24, 2026
Gemini Links 25/04/2026: 3.4k+ Capsules, Microsoft Layoffs, Call for Nuclear Disarmament, "Internet is Sad and Lonely": Links for the day

Lots of Coverage About FOSS Bugs, No Coverage About Intentional 'Bugs' (Back Doors) in Proprietary Software

New OpenSSL breech is no Heartbleed, but needs to be taken seriously

OpenSSL Security Update now available for Fedora

Canonical Closes Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS

Recent Techrights' Posts