Fortify jumps on the Meta open source bandwagon

I've already noted my scepticism with regard to the Tories' pledge to go open. Although I applaud a move away from an increasingly closed, authoritarian UK government, my feelings are that it's a case of jumping on the trendy bandwagon of openness.

OK, so riding the waves is what politicians do. But they're not the only culprits: companies do it too. Here's a particular fine example, because it's not so much jumping on the bandwagon, as jumping on somebody jumping on the bandwagon:

Fortify Software, the software security assurance specialist, says that the Conservative party is misguided in its criticism of the UK government over its lack of support for open source software.

"The Conservatives have accused the Government of failing to capitalise on open source software, despite reports from government agencies that have recommended its usage," said Richard Kirk, Fortify’s VP and GM of Europe.

"Our own research, however, has concluded that open source software exposes users to significant and unnecessary business risk, as the security is often overlooked, making users more vulnerable to security breaches.

"That's not to say that commercial software isn't without risks, but any flaws on commercial applications tend to get patched a lot faster than on open source, as the vendors producing the software have a lot more to lose than an open source programmer," he added.

Oh really, and what would this in-depth research be, pray?

According to Kirk, Fortify's sponsored report, released last summer, looked at 11 of the most common Java open source packages, scanning them using Fortify SCA, the static analyser seen in its security suite, Fortify 360.

Oh right, so this isn't some deep new research, but rather a warmed-over report from last summer.

And remind me again, what does it survey exactly? Why: "11 of the most common Java open source packages".

And that relates to the Tories' proposal precisely how? Were they suggesting that the entire UK government IT infrastructure be built using open source Java packages? I think not.

Were they, rather, suggesting it might be useful to take a look at stuff like, you know, GNU/Linux, Apache, MySQL? That was more the impression I got. And is this covered in the slightest by the Fortify Software report? No, I thought not.

In other words, the current press release is extrapolating from some old research on 11 Java packages to the entire open source ecosystem.

1 2 Page 1
Page 1 of 2
8 highly useful Slack bots for teams
Shop Tech Products at Amazon