Really Desperate Times for Fortify
We have a [ahem] story about how the Tories are unwise to promote Open Source because of, apparently, some inherent security flaws:
But Kirk said Fortify’s own research has shown that OSS exposes users to “significant and unnecessary business risk”. This is because security is often “overlooked,” according to Kirk, which makes users more vulnerable to security breaches.
Glyn Moody explains that this research from Fortify was actually on just “11 of the most common Java open source packages”. Big deal. The research was from July of last year too and was discussed at that time.
I won’t dwell on the merits, or not, of the research itself. There are many excellent reports in the public domain that quite clearly demonstrate the strengths of the Open Source Software production model. Between proprietary and OSS methods I know which I believe is inherently more secure, and more robust too. Just recall the last couple of months of Microsoft security holes.
But this whole saga really gets my goat because it isn’t news; it is an old story, and not even a good one, wrapped up in the shiny new cellophane of the Conservatives’ recent public commentary. And why? Because I can only believe that companies like Fortify are running shit-scared as they are seeing their profits dwindle to nothing and are being constantly beaten in competitive sales situations by the better, and cheaper, product.
Sowing some FUD and getting some cheap publicity doesn’t fool anyone anymore.
Matt Asay has an unusually succinct post on his blog today that sums it up nicely:
Jeffrey Hammond, principal analyst at Forrester, just Twittered something that is about to hit the traditional software world like a ton of bricks:
Just got off the phone with a client who’s been mandated to use [open-source software] because licensing costs are killing them.
Call it the beginning of the end, if you like, but it’s coming.
Spot on, Matt.