No Food for Thought

FLOSS Fall? Security reality catching up with free software

admin Sunday October 2, 2022

A couple of decades ago, free software was the target of much FUD, notably regarding its security. Free software evangelists could easily reply to Microsoft and other vendors that Mozilla's browser had far fewer known flaws than Internet Explorer.

In fact, the reality was only that many more flaws were being discovered in MSIE than in Firefox, mostly because far fewer people were looking for flaws in Firefox than in MSIE. Firefox's rise would prove within a few years that Mozilla was far from immune to security flaws: a low count of reported vulnerabilities measures how hard people are looking at least as much as how secure the software is.

The continued spread of free software means that vulnerabilities in it now have an impact comparable to those in proprietary software. Catastrophic flaws from the last decade in OpenSSL (Heartbleed, 2014) and Log4j (Log4Shell, 2021) have started to show that some of the FUD was quite accurate.

KNP has been decrying software mediocrity for years, but things don't change overnight. I have been involved in projects in which quality, including security, is, at best, an afterthought. Even (internally) known security flaws can remain for years, while fresh ones are being added.

Free software components vary enormously in quality and in many other respects, but most share one trait: the component you need is either mediocre or does not exist. And while many users may be willing to put up with mediocre quality in many ways, organizations may have difficulty ignoring a bad security track record.

Research suggesting that some 40% of professionals have already scaled back their use of OSS may be worrying, but the timing matters, and the magnitude of that decline was not measured.

Better late than never. There is still time to react, and OpenSSF's promises are good reason for hope, but many open source projects need a fundamental reprioritization, with security treated as a requirement rather than an afterthought.
