The Shameless Campaign to Paint/Portray Free Software as Inherently Insecure, Using Brands, Logos, and Excessive, Selective Press Coverage

Dr. Roy Schestowitz

2015-07-01 10:39:02 UTC
Modified: 2015-07-01 10:39:02 UTC

Bugs
Image courtesy of Red Hat, demonstrating lack of correlation between severity and logos/brands

Summary: Some more FUD from firms such as Sonatype, which hope to make money by making people scared of Free/libre software

The corporate media is in the business of selling (for corporations), not informing. Advertising is the business model, as well as media 'partnerships' (euphemism for PR). Security firms too are in the business of selling, not informing. Misinformation often helps improve sales. We have already ranted quite a lot about media misdirection, designed to sell products or malign the competitors of those who try to sell unnecessary products. We must assume that this is happening because it has always been happening; it's just that it got a lot more frequent now that Free/libre is more widely used.

The other day IDG published some promotion of Veracode. To quote one paragraph: "The scale of the problem is significant. Cryptographic issues are the second most common type of flaws affecting applications across all industries, according to a report this week by application security firm Veracode."

This is not an independent security researcher; it is the Black Duck-connected Veracode (Black Duck came from Microsoft and VeraCode's co-founder recently joined Black Duck), which overlooks security issues with proprietary software. Veracode is not an objective observer; it is trying to sell something. Sonatype too, a nasty company which we wrote about before [1, 2, 3, 4, 5, 6], rears its ugly head in the media, in an article provocatively titled "Open-Source Code Can Be More Dangerous Than Useful".

So Sonatype has launched yet another FUD attack on Free software, using myths and rhetoric, capitalising on gullible 'journalists' who would print just about anything, along with clueless pasting of bugs with logos (for extra fear), no discussion about severe bugs in proprietary software, and many other issues. This article is relaying marketing from Sonatype and dramatises it even further. "It gets worse," says the writer, "according to Sonatype: Many of the software companies that have built insecurities right into their products wouldn't be able to tell which of their applications are affected by a known component flaw because of poor inventory practices."

Well, proprietary software deliberately adds flaws to act as secret back doors. How about that in the discussion? The article totally omits that. The article then adds some talking points from the FOSS-hostile Symantec, another company which tries to sell its proprietary software based on perceptions of insecurity.

Thankfully, there are a couple of comments there (below the article) that highlight the issues with the article; both are titled "Not only open source..."

As Free/libre software becomes more mainstream we should expect more parasites like Sonatype to look out for fools who are willing to do their marketing, monetising trash-talk. ⬆

Real Life Should be Offline, Not Online, and It Requires Free Software: Resistance means having the guts to say "no!", even in the face of great societal burden and peer pressure
IBM Took a Man’s Voice, Pitting Him Against His Own Work, While Companies Profit from Low-Effort Garbage Generated by Bots and “Self-Service”: Reprinted with permission from Ryan Farmer
Links 26/09/2023: KDE, Programming, and More: Links for the day
Mozilla Promotes the Closed Web and Proprietary Webapps That Are Security and Privacy Hazards: This is just another reminder that the people who run Mozilla don't know the history of Firefox, don't understand the Web, and are beholden to "GAFAM", not to Firefox users
Debian More Like an Exploitative Sweatshop Than a Family: Wiltshire is riding a high horse in the UK, talking down to Indians who are "low-level" volunteers in his kingdom of authoritarians, guarded by an army of British lawyers who bully bloggers
Small Computers in Large Numbers: A Pipeline of Open Hardware: They guard and prioritise their "premiums", causing severe price hikes due to supply/demand disparities.
Microsoft Deserves a Medal for Being Worst at Security (the Media Deserves a Medal for Cover-up): There are still corruptible/bribed publishers that quote Microsoft staff like they're security gurus
10 Reasons to Permanently Export or Liberate Your Site From WordPress, Drupal, and Other Bloatware: There are certainly more more advantages, but 10 should suffice for now
About 200,000 Objects in Techrights Web Site: This hopefully helps demonstrate just how colossal the migration actually is
Good Teachers Would Tell Kids to Quit Social Control Media Rather Than Participate in It (Teaching Means Education, Not Misinformation): Insist that classrooms offer education to children rather than offer children to corporations
Twitter: From Walled Gardens to Paywalls and/or Amplifiers of Fascism: There's moreover a push to promote politicians who are as scummy as Twitter's owner
The World Wide Web is Being Confiscated From Us (Like Syndication Was Withdrawn About a Decade Ago) and We Need to Fight Back: We're worse off when fewer people promote RSS feeds and instead outsource to social control media (censorship, surveillance, manipulation)
Next Up: Restoring IRC Log Pipelines, Bulletins/Full Text RSS, Wiki (Archived, Static), and Pipelines for Daily Links: There are still many tasks left ahead of us, but we've progressed a lot
An Era of Rotting Technology, Migration Crises, and Cliffhanging: We've covered examples from IBM, resembling the Microsoft world
First Iteration of Techrights as 100% Static Pages Web Site: We want to champion another decade or two of positive impact and opinionated analysis
Links 25/09/2023: Patent News and Coding: some remaining links for today
Steam Deck is Mostly Good in the Sense That It Weakens Microsoft's Dominance (Windows): The Steam Deck is mostly a DRM appliance
SUSE is Just Another Black Cat Working for Proprietary Giants/Monopolies: SUSE's relationship with firms such as these generally means that SUSE works for authority, not for community, and when it comes to cryptography it just follows guidelines from the US government
IBM is Selling Complexity, Not GNU/Linux: It's not about the clients, it's about money
Birthday of Techrights in 6 Weeks (Tux Machines and Techrights Reach Combined Age of 40 in 2025): We've already begun the migration to static
Linux Foundation: We Came, We Saw, We Plundered: Linux Foundation staff uses neither Linux nor Open Source. They're essentially using, exploiting, piggybacking goodwill gestures (altruism of volunteers) while paying themselves 6-figure salaries.
Security Isn't the Goal of Today's Software and Hardware Products: Any newly-added layer represents more attack surface
Linux Too Big to Be Properly Maintained When There's an Incentive to Sell More and More Things (Complexity and Narrow Support Window): They want your money, not your peace of mind. That's a problem.
Modern Web Means Proprietary Trash: Mozilla is financially beholden to Google and thus we cannot expect any pushback or for Firefox to "reclaims the Web" a second time around
Godot 4.2 is Approaching, But After What Happened to Unity All Game Developers Should be Careful: We hope Unity will burn in a massive fire and, as for Godot, we hope it'll get rid of Microsoft
GNU/Linux Has Conquered the World, But Users' Freedom Has Not (Impediments Remain in Hardware): Installing one's system of choice on a device is very hard, sometimes impossible
Another Copyright Lawsuit Against Microsoft (or its Proxy) for Misuse of Large Works by Chatbot: Some people mocked us for saying this day would come; chatbots are a huge disappointment and they're on very shaky legal ground
Privacy is Not a Crime, Reporting Hidden Facts Is Not a Crime Either: the powerful companies/governments/societies get to know everything about everybody, but if anyone out there discovers or shares dark secrets about those powerful companies/governments/societies, that's a "crime"
United Workforce Always Better for the Workers: In the case of technology, it is possible that a lack of collective action is because of relatively high salaries and less physically-demanding jobs
Purge of Software Freedom and Its Voices: Reprinted with permission from Ryan Farmer
GNOME and GTK Taking Freedom Away From Users: Reprinted with permission from Ryan Farmer

The Shameless Campaign to Paint/Portray Free Software as Inherently Insecure, Using Brands, Logos, and Excessive, Selective Press Coverage

Recent Techrights' Posts