Forgot your password?
typodupeerror
Security Software Politics

UK Conservatives Slammed Over Open Source Stance 281

Posted by timothy
from the fully-support-my-party's-stance-on-the-issue dept.
Golygydd Max writes "The UK government has been criticised by the opposition Conservative (Tory) party for its lack of support for open-source software. Now, according to Techworld, a security company that has examined the Tory plans has come out against the use of open source software, citing the number of security problems inherent in the software. This is a sensitive issue for the UK government, still smarting from the loss of 7m family records from HM Revenue and Customs in 2007. What makes this criticism interesting is that this is an attack on the policies of what will certainly be the next British government — it's unusual for a party to be criticised like this before it comes to office. It's an indication of how IT is going to be a battleground in the future general election."
This discussion has been archived. No new comments can be posted.

UK Conservatives Slammed Over Open Source Stance

Comments Filter:
  • Hmmmm.... (Score:5, Interesting)

    by Anonymous Coward on Friday February 06, 2009 @02:04AM (#26748699)

    > it's unusual for a party to be criticised like this before it comes to office

    Clearly timothy is unfamiliar with UK politics.

    • Re:Hmmmm.... (Score:5, Interesting)

      by Xest (935314) on Friday February 06, 2009 @05:37AM (#26749633)

      > It's an indication of how IT is going to be a battleground in the future general election.

      Indeed Mr AC, you're right.

      The UK doesn't have battleground issues in politics like the US, the UK is plagued with football team style voting, most of Yorkshire will vote Labour, most of London will vote Conservatives, the rest of the country will vote one or the other depending with a few Lib Dem pockets (Sheffield, Cambridge) littered in between.

      It doesn't matter what their policies are, people don't care about that, the people in Yorkshire (disclaimer: that's where I live) will as always go on about how Thatcher ate their babies in the 70s/80s and so vote Labour, the people in rich areas will go on about how Labour caused a big recession in the 70s and vote Conservatives and the few parts of the country capable of intelligent, dynamic thought will actually vote for the party that actually fits their political hopes best.

      People here rarely seem to vote on the merit of a party's politics or agenda but instead based on whatever x party did 20 to 40 years ago and those that weren't around then still vote on what party x did 20 to 40 years ago because their parents have whined to them all their lives about how hard party x made life for them all that time ago.

      I think part the problem is that in the UK we get no political education whatsoever, kids grow up without a clue as to what left wing and right wing are, what the different flavours of conservatism for example are, what liberalism and libertarian are and where our parties sit in these areas. We're never taught the importance of voting, or how our vote can effect the outcome of an election, hell most people don't even know what the house of Lords is, they think parliament is one big single chamber of sheer boredom. I find this quite shocking, because whilst I can see the merit in music class, religious education, art and so on I really do think politics is perhaps more important, yet oddly entirely neglected. I could quite happy have lived without the hour a week spent in music class, or the 2 to 3 hours spent on English literature (although language is of course important), I understand some people do want to know this, but it should've been optional whereas I'm not convinced politics should be. We already have history lessons to teach us about our and the world's past so I simply cannot see what is more important about analyzing Wordsworth's Daffodil poem, searching for things that Wordsworth probably never really actually intended us to decide was there as a hidden meaning in the first place to merit a complete national ignorance of how our country is run and how our elected powers work.

      I wonder if part the reason there's no will to change this is because both Labour and the Conservatives know that whilst no one has a clue about politics then one or the other is guaranteed to get in via the current football team voting mentality and as such there will be no threat to power being taken away from either of them- when one has had a few years, the other is bound to get in, rinse and repeat.

      I think this is the fundamental difference between British and American politics at least, whilst you do get Republicans who always vote Republican and Democrats that always vote Democrat at least you had the likes of Colin Powell endorsing the Democrats because he realised despite them being the opposition, they had the better policies at the end of the day.

      • Re:Hmmmm.... (Score:4, Informative)

        by jabithew (1340853) on Friday February 06, 2009 @06:20AM (#26749829)

        most of London will vote Conservatives

        Er, is this a different London to this one [bbc.co.uk]? Or this one [wikipedia.org]?

        The South East and South tend to vote Tory. London is pretty mixed.

        • by Xest (935314)

          As I just posted to the AC that replied to me- apologies for that one, it's a local Yorkshire thing, we often tend to refer to the south east as just "London", as noticed by another person in response to me it's the whole North/South divide thing where anyone in the South East is a Londoner! I should've been more specific bearing in mind this is an international audience and not a local audience ;)

      • ok I am just having a laugh cos I know you were teasing too on the old north/south divide, we're all southern softies and you're hard as nails with ferrets down your trousers... but most of London doesn't vote Conservative. More like a split between Labour/Lib/Tory.

        I lived in Hackney for ten years and that's hardly a rich place, there's not a lot of love for Thatcher and now Cameron there. Reckon there's probably more Cameron voters in the posh end of Sheffield than in Hackney or Brixton...

        But yeah we proba

        • Re: (Score:3, Insightful)

          I usually just vote for who the Doctor endorses and be done with it!

          Voted for Harriet Jones first term, and against her second term, and against Harold Saxon.

      • Re:Hmmmm.... (Score:5, Insightful)

        by Anonymous Brave Guy (457657) on Friday February 06, 2009 @07:06AM (#26750027)

        The problem we have in the UK isn't just football team mentality, it's the bizarre way our "representatives" are elected. Well, the way some of them are elected, anyway. It is disturbing that the so-called "upper house" was, until recently, a group of people who hold office only because a distant ancestor was rich or because they hold a high office in a particular religion (yes, really). These days, they are almost all appointed, though I think the 92 hereditary peers who survived Labour's initial reforms are still there, and the Lords conveniently overturned a strong vote in the Commons for a 100% appointed upper house, arguing for 100% appointed (and therefore their own jobs) instead. In any case, members of the upper house still retain office regardless of trivia like criminal convictions and accepting bribes to "do the right thing" with certain laws. Perhaps we should just go back to the fifteenth century and let the church run the show? At least 5% of the population are practising Christians, which gives them more moral authority than our upper house today!

        Meanwhile, the first-past-the-post voting system ensures that the Commons alternates between the two dominant parties with a huge majority each, even though that is in no way representative of the strength of support the party in power actually carries among the population at the time. Don't even get me started on European government, which is a fantastic excuse for political parties to push through legislation their electorate don't want because "Europe told me to, mummy!", while conveniently overlooking the way that Europe only considered the issue because the unelected representatives of the country asked them to.

        In any case, none of this helps me: I have fairly moderate, well-considered, and (I think) consistent political views, yet none of the parties with even a chance of getting a seat in Parliament represents my views. Labour are a complete waste of space, even if you're one of the "hard-working families" they were formed to look out for, and the current administration has no democratic mandate anyway. The Tories don't know what their policies are, though they keep trying to sound really convinced about what they believe this week, and they're certainly still on the draconian side when it comes to state power and even worse when it comes to allowing businesses to become the most powerful players in the game. (They're in favour of copyright term extension too, BTW, despite an overwhelming majority — for once the over-used term is justified — of respondents to the government's Gowers Review criticising such a move.) Cameron all but washed his hands of one of the few guys he had with the guts to stand up for what he believed in. The Lib Dems seem to think an arbitrarily high level of tax on people who earn more than average is "fair", probably because very few such people will ever vote for them anyway, and their policies on things like the environment and transport are the kind of thing you can only say if you're never going to achieve office because they conveniently overlook trivia like keeping the lights on and getting people to work. The one guy they had with any sort of clue was leader only briefly, and then stepped aside for another guy with all the depth of a two-dimensional object. Then, in England at least, you're into minor parties like the Greens (whose one issue got stolen by everyone else), the BNP (who do a disturbingly good job of sounding reasonable on some topics, until you realise what they really mean), the UKIP (who also might sound plausible on those sorts of issues, but have no credibility after pulling stunts like letting Kilroy-Silk's ego run the show for a while), and so on.

        So who does that leave for me, and a heavy majority of friends I've talked to on political subjects, who believe in things like individual rights and freedoms, in exchange for individual responsibility; strong laws, but due process to enforce them; small, weak government; low taxes; healthy European relationships for tr

        • Re:Hmmmm.... (Score:4, Insightful)

          by Xest (935314) on Friday February 06, 2009 @07:25AM (#26750113)

          I know exactly where your coming from and I think it's another reason that politics should be taught in school, I think if it was then we would have a much better variety of political parties to represent our views.

          Also I think the Lords problem would be solved if we could solve the commons problem, the commons has the power to eventually remove control from the Lords and so I think the Lords issue would be resolved as a side effect of fixing the commons.

          Personally, I'll probably vote Lib dems next election because I think although they don't fully represent my views, they come the closest. David Davis is about the only guy in the Conservatives I trust and as you mention, he's not even part of the core team anymore.

          Regarding the Lib Dems though, I think some of the things they say that sound impossible are actually quite reasonable, one strikes me in particular as I can confirm it's validity. The Lib Dems have mentioned that they would make savings in public sector of around £20bn if I recall, I've encountered many people say that's a joke, there's nothing to save but having worked in public sector for a few years I can confirm that it is quite a valid claim to make and in fact, I think they're underestimating the amount that could be saved. I worked in local government and saw potential for millions to be saved in a single local government department alone, extrapolated across all public sector departments, across the whole country I think their claim is quite valid. My real concern is that Labour and to a lesser extent, the Conservatives seem quite ignorant about how much really could be saved.

        • For fucks sakes. (Score:4, Insightful)

          by jotaeleemeese (303437) on Friday February 06, 2009 @11:07AM (#26751879) Homepage Journal

          Get involved in the party closer to your heart and change things (it is what I did when I was in my country, a place far more dangerous than the UK for opposition politicians).

          I frankly can't stand all this defeatist whining.

          • Re: (Score:3, Insightful)

            by Repossessed (1117929)

            Get involved in the party closer to your heart and change things

            That's great and all but lets take a look at US, and to a large extent (gleaned from to many UK political blogs) UK, politics.

            To start with, most seats are going anywhere, there are no term limits for most offices, and party line voting means that elections are basically shams for many positions. There is only one national level office available in my state that is available to the party whose rhetoric (if not actions) mostly matches my ideals. It has been held by the same man for 8 years, until he actual

      • Re:Hmmmm.... (Score:4, Insightful)

        by commodore64_love (1445365) on Friday February 06, 2009 @08:46AM (#26750461) Journal

        This is why ye should pull thy kids out of government schools (whose sole purpose is to keep the voters ignorant & easily malleable), and send them to a private school or homeschool.

        BACK to topic:

        Speaking as an outsider, I don't understand how Open source software can be secure. If the virus makers have access to the source, doesn't that make it easier to examine and locate flaws in the program?

        • Re:Hmmmm.... (Score:5, Insightful)

          by Xest (935314) on Friday February 06, 2009 @09:05AM (#26750589)

          Yes, but it also makes it easier for those who use the software to locate and fix the flaws first ;)

          To give a better explanation of why OSS is more secure though, think about this scenario. You have a web server on the wide open internet serving an important web page for your business or institution and any downtime will lose you thousands, maybe millions of pounds of profit (think how much Amazon would lose if it's site goes down for example). If you run an open source web server and an exploit is uncovered by security researchers that allows an attacker to take over your web server then you can edit the source code to fix it immediately, or at least put a quick fix in place to block the attack and have very little, perhaps even no downtime.

          If however you rely on a propriatary vendor, say Microsoft, to fix it and it takes them 2 weeks to release a patch, what do you do in the meantime? Do you keep your web server up and risk having your web server hijacked or do you take it down and lose millions in business?

          This is just an example, you can mitigate the problem by having a firewall block attacks but this only works to a degree. I wasn't too sure about why OSS myself was more secure for a while, but it's one of those things that when you look into the reasoning behind such comments you'll see realise that yes, they're right, OSS really is fundamentally a more secure concept.

          Of course, the other thing to realise is that binaries are themselves fairly trivial to interpret for people who have a strong computer science background such that it's not even particularly a massively difficult task to spot exploits in closed source software. It is however often much harder to fix faults in closed source software in the same way.

        • Re: (Score:3, Insightful)

          by jonbryce (703250)

          Yes it does. That's why it is more secure. If there is anything wrong with the program, it is picked up much more quickly, and something is done about it.

      • Re: (Score:3, Interesting)

        by He who knows (1376995)
        We do now get political education called "Citizen ship". we have to spend an hour a day on it and it is useless. It is basically propaganda for labor saying how good they are with new laws. Nobody pays any attention to it. The people who can understand what it is about realise how awful it is while the people it is aimed at don't care about it. I feel sorry for people who now have to do it for GCSE. It is worse than media studies or music tech.
    • by N1AK (864906)

      Clearly timothy is unfamiliar with UK politics.

      I don't see why this hasn't been modded up.

      Although the current government is massively behind the Conservatives in the polls, the date for the election hasn't even been set yet. It is likely that we will have a change of government at the next election but stating it as fact in a summary is still a mistake at this time.

    • by sqldr (838964) on Friday February 06, 2009 @06:55AM (#26749977)

      Clearly timothy is unfamiliar with UK politics.

      Could be worse.. half of america thinks Obama is the antichrist [fstdt.com].

  • by bogaboga (793279) on Friday February 06, 2009 @02:10AM (#26748721)

    ...Now, according to Techworld, a security company that has examined the Tory plans has come out against the use of open source software, citing the number of security problems inherent in the software...

    I think we need to be objective here. Software both closed source and open source is created by human beings.

    By nature, these human beings make mistakes.

    The question then becomes: Which model of software development fixes security issues faster? We should collect statistics here and convince these Britons that OSS is still the best model around.

    We should also remind the skeptics about OSS, that more than 80% of internet traffic is handled by OSS systems, so if OSS were that insecure, it would show...fast.

  • by Walkingshark (711886) on Friday February 06, 2009 @02:15AM (#26748747) Homepage

    "Our own research, however, has concluded that open source software exposes users to significant and unnecessary business risk, as the security is often overlooked, making users more vulnerable to security breaches," said Fortify vice president, Richard Kirk.

    US outfit Fortify Software has come up with research to prove it.

    Uh, wow, a US company that sells software doesn't want the British government to switch to open source software? What a radical position to take! Of course, it couldn't have anything to do with the fact that its hard to price gouge a rich government for security software if they're not running propriatary crap. I'm sure if they had their way the Brits would all be running Vista and MS Office.

    • by rtfa-troll (1340807) on Friday February 06, 2009 @02:41AM (#26748879)

      A simple Google Search [google.com] shows rather more than just being a vendor of some random proprietary software. Fortify is a Microsoft partner which has indulged in joint product launches with them [microsoft.com] and this isn't even mentioned in the original article.

      This is yet another example of a Microsoft inspired campaign of lies. This group never changes and they and their software should be automatically excluded from all state contracts for ethical violations.

      • by tokabola (771071) on Friday February 06, 2009 @03:19AM (#26749037) Homepage
        The "press release" by Fortify for this claims that Larry Suto performed the test. He has a reputation for faulty, perhaps even fraudulent, testing methods. He also only tested 11 specific Java apps (and Fortify sells "audited" versions of those apps). The tests were performed using Fortify's software, no other testing software was used. So the accuracy of this test relies on the accuracy of Fortify's software, which hasn't been independently tested as far as I can tell. The press release also mentions findings by the Forrester Group, who are well known for a history of spreading inaccurate FUD about non-MS software.
    • by SanityInAnarchy (655584) <ninja@slaphack.com> on Friday February 06, 2009 @03:34AM (#26749103) Journal

      Completely shoddy, backwards arguments, too:

      any flaws on commercial applications tend to get patched a lot faster than on open source, as the vendors producing the software have a lot more to lose than an open source programmer

      This ignores the "many eyes" factor, and the additional effect that anyone who finds a security vulnerability can also patch it, and can inform people of the patch at the same time as the vulnerability. Contrast this to proprietary software, where anyone who does find a breach will also find that the best they can do is report it to the vendor and hope for the best -- and when some of them take many months to be patched, it may be worthwhile for them to start exploiting it, if for no other reason than to get Microsoft to take them seriously.

      All of those have been argued to death... Let's assume I'm completely wrong. There's still the fact that there are many corporations which support open source. If an IBM, or a RedHat, or a Canonical ships an insecure product, they have every bit as much to lose as a proprietary vendor -- often moreso, as they tend to have quite a lot more competition.

      All of which has very little to do with the supposed counterargument:

      We need to move in the direction of what are known as 'open standards' - in effect, creating a common language for government IT. This technical change is crucial because it allows different types of software and systems to work side by side in government.

      Microsoft aside, there is plenty of proprietary software that not only supports open standards, but actually revels in them. Unless the argument about security implied that there's an inherent insecurity in ODF itself, I don't see what the relevance is.

      However, this article unfortunately presents it as an argument of security against hot new stuff. I don't think anyone is urging the government to become less secure.

  • Doesn't make sense (Score:4, Insightful)

    by Psychotria (953670) on Friday February 06, 2009 @02:15AM (#26748749)

    ...it's unusual for a party to be criticised like this before it comes to office.

    How is it unusual? It happens all the time. And anyway, the whole summary doesn't make sense.

    The UK government has been criticised by the opposition Conservative (Tory) party for its lack of support for open-source software.

    And, then:

    a security company that has examined the Tory plans has come out against the use of open source software

    So, the security company agrees with the current government? How is this news?

    • by Walkingshark (711886) on Friday February 06, 2009 @02:17AM (#26748759) Homepage

      Not to mention its an American company with a product to sell, and that product's utility is strongly diminished by using open source software.

  • An indication? (Score:5, Insightful)

    by JPortal (857107) <joshua...gross@@@gmail...com> on Friday February 06, 2009 @02:21AM (#26748781) Homepage

    "It's an indication of how IT is going to be a battleground in the future general election."

    Not really. Politicians will grasp at anything to make sensational claims about their opponents. Doesn't matter if it involves IT, their sex lives or what they eat for breakfast.

    American here, maybe politics are better in the UK. (but I doubt it)

    • by Hal_Porter (817932) on Friday February 06, 2009 @02:31AM (#26748829)

      Doesn't matter if it involves IT, their sex lives or what they eat for breakfast.

      Unfortunately with some MPs it may involve all three.

      • by SpringRevolt (1046) on Friday February 06, 2009 @04:05AM (#26749215)

        An orange, a CAT5 cable and a pair of stockings..?

        • I know you were being facetious, but it really wouldn't surprise me. And, as you may know from watching the sex-scandals of american Republicans (like the anti-sex trade campaigner caught using escorts, or that "gay people shouldn't have any rights" guy caught in the toilets with a cop..), as you can guess, the Conservative party are usually the worst. There's something about being right-wing that lends itself to sexual perversion and scandal.
          Oh, sure, Labour, the Lib-Dems, they have their sex scandals, b

  • Missing step ???? (Score:5, Insightful)

    by Galactic Dominator (944134) on Friday February 06, 2009 @02:27AM (#26748803)

    1. Identify greatest long term threat to my industry

    2. Conduct "Research" on threat and publish to increase FUD.

    3. Sell products to "fix" FUD issues.

    4. Profit!

    Subject: No ?????????
    Filter error: Your subject looks too much like ascii art.

    You saw him repressing me, didn't you?

    • Re: (Score:2, Insightful)

      by LazySlacker (212444)

      I disagree, OSS is an opportunity to Fortify. The implication is that the Tories didn't include ensuring the security of OSS in their plans. What Fortify should want is

      Gov use OSS
      Gov need security assurance
      Gov purchase Fortify s/w.
      Gov Fortify against the source code - something they can only do with OSS.
      Given that you can't outsource accountability, any org that wants to ensure security of OSS must buy the Fortify product.

  • by D-Cypell (446534) on Friday February 06, 2009 @02:30AM (#26748817)

    Politics is about, "We would do things better than you do!", open source software is just an unfortunate, innocent bystander in this process. If Labour were open source advocates, the Tories would be saying exactly what the, presumably Labour funded, security company are saying right now.

    Personally, I think the time has come for another interesting political scandal so they will leave the software industry alone.

    For those of you not familiar with UK politics, it works a bit like this...

    There are 2 main parties, plus a 3rd with a small but meaningful number of seats. Each of the two main parties elect a leader who becomes candidate for PM. Labour are historically the party for the working man, formed out of the unions, however, in recent years they have figured out that the working man is significantly less likely to invite you for a spin on their yacht, so have shifted their position a little.

    The current opposition party, the conservatives (or 'Torys'), usually have MPs that come from the rich and privately educated set, such as the hilarious London mayor Boris Johnson (seriously, look this guy up, he is a laugh a minute). They stand for strong family values, but are actually quite likely to be found having a three-way homosexual romp in a public toilet while their wife is at home taking care of the kids.

    Neither party gives the slightest toss about open source software (at least, not even close to the level that we do here), but they *do* care about scoring some points. If FOSS is the battlegroud-dujour so be it... tomorrow it will be the colour of the sky!

    Incidentally, you have have detected a slight hint of British cynicism in my post, it is pretty common. When Obama got elected I was thinking, "Does this guy have a brother that can come and help us out?", then I found out he has a brother that has recently been charged with drug offenses in Kenya... but to be honest, I am still thinking... 'He'll do!'.

    • The situation is almost identical in Canada, except rather than:

      There are 2 main parties, plus a 3rd with a small but meaningful number of seats.

      we've managed to introduce a fourth party which had its origins (ostensibly) in separatism, but is largely a status quo party with regional motivations. Our Tories also stopped being Tories during a phase after Brian Mulroney. We only had Joe Clark to kick around as the official Tory, since the other Tories were busy trying to be popular rather than promoting their traditional ideals.

      Further: yachts aren't the thing here, so that's differe

    • by williamhb (758070) on Friday February 06, 2009 @03:12AM (#26749015) Journal

      Ok, a slightly less blinded-by-the-cynicism round-up.

      Labour used to be dominated by the unions, but then realised this was making them almost unelectable as anybody who isn't in a union really doesn't like other people's unions very much. They've tried to become centrist.

      Conservatives used to be very much for "small government", turning everything free market and cutting taxes as far as possible. They've been realising that times have changed since the 80s and a social conscience is generally seen as a good thing. So, both the main parties have been chasing "the middle ground", or at least marketing themselves that way.

      The Liberal Democrats formed from an amalgam of a breakaway party from Labour (the SDP) and one of the old British political parties (the Liberals). They tend to have a socially progressive set of policies, often highlighting just one or two policies that sound populist or radical (eg, local income taxes) because they struggle to keep their profile up in the media.

      Things are complicated further because while the Lib Dems have far too few seats ever to form a government, they have much more evenly spread support than the two main parties -- so northern seats are often Labour vs Lib Dem battles, while southern seats are often Conservative vs Lib Dem battles, making British politics a very odd fight: it's not a straight fight between Labour and Conservatives, but also a question of which of them can fight the Lib Dems at a local level more convincingly.

      Also, although the Conservatives have a lead in the polls, the original headline is wrong to say that the Conservatives are "certainly going to be the next government", because of the way constituency borders are at the moment. The large lead in the vote could very easily turn into a small loss in numbers of seats, or a "hung parliament" (which in practice would probably mean a Labour minority government, as on economic issues the Lib Dems vote with Labour more often than with the Conservatives)

    • Re: (Score:2, Insightful)

      by Carfiend (1274550)
      I vote Raving Monster Loony since they are the only Party with policies that make any sense.
    • When Obama got elected I was thinking, "Does this guy have a brother that can come and help us out?"

      Are you sure about that? Remember 1997 when "Things could only get better" and the new saviour of British politics was elected as a PM who would single-handedly remove corruption and nepotism from UK politics, all while being an all round nice guy? See how well that's gone...

    • Incidentally, you have have detected a slight hint of British cynicism in my post, it is pretty common. When Obama got elected I was thinking, "Does this guy have a brother that can come and help us out?", then I found out he has a brother that has recently been charged with drug offenses in Kenya... but to be honest, I am still thinking... 'He'll do!'.

      You like Obama, eh? He's young, he's cool, he's fantastically charismatic, he's a little left of centre but not intimidatingly so, he's selling a vision of

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I would beg to differ. I do this because I am one of the people advising, well indeed pushing OS within the Conservative Party, hence the AC moniker.

      While it may used as a political football there is a good reason also for getting FOSS into Govt. It saves money, which is always good, and if we get Govt to use it, we can get schools to use it and hopefully start to reverse the abysmal decline in coding and computer science in our schools. That's my agenda for pushing it anyway - it's something that the count

  • Anyone for TenDRA? (Score:5, Insightful)

    by Antony T Curtis (89990) on Friday February 06, 2009 @02:31AM (#26748823) Homepage Journal

    The British Government, or at least, branches of it, used to be very open source friendly. Developing software and publishing it with a very permissive license attached to the source code.

    Alas, since the Blair Regime started, that all seemed to come to an end... and the British people had to learn to put up with huge IT spending to private firms, usually affiliated with Fujitsu or Microsoft ... and those public IT projects would famously fall flat on their faces and be quietly shelved.

    Just look at the recent hiccups with the UK Biometrics scheme... 'nuff said.

    • by williamhb (758070) on Friday February 06, 2009 @02:55AM (#26748925) Journal
      Some branches of the UK Government still do develop software and publish it with very permissive licenses. For example, JISC (the Joint Information Systems Committee) has sponsored a number of projects to produce open source software in higher education. And various other arms of the British Government always have spent huge amounts of money through private firms, often falling flat on their faces. Government projects failing isn't a new invention.
  • See to believe.... (Score:5, Interesting)

    by qw0ntum (831414) on Friday February 06, 2009 @02:52AM (#26748917) Journal
    A link to the company's study: http://www.fortify.com/servlet/download/user/OpenSource_Security_WP_V5.pdf [fortify.com]

    While they raise a couple interesting points, my first impression is that they broadly generalize from a small sample set. Specifically, they only look at about 10 Java projects (including Tomcat, Hibernate, and JBoss), and proceed to conclude that the open source community is unresponsive to security threats. Conspicuously absent are any Linux distributions (let alone any *BSD... they have obviously never heard of OpenBSD), OpenOffice, or any tools likely to make it into desktop use for the UK government.

    Oh, and the solution to all this apparently is to rely on their company's security auditing services to make sure that your company doesn't have "hidden security holes".... Riiiight....
    • by eof (33820) on Friday February 06, 2009 @03:29AM (#26749079)
      Yes. Not only was the study out of context with the conclusions TFA reached (It's a study specific to FOSS Java-based projects and deployments, not FOSS in general), but the study itself isn't clear on what its objectives were. It fails to elaborate on methodologies used to conduct the examinations of projects or process, fails to elaborate on any of the security issues found, and fails to offer any comparative analysis with a successful application of the study to other projects, open source or otherwise. It reeks of FUD.
  • Actually both the city of London (which would tend to contain Tories, they're often investment bankers) and the BBC (which contains champagne socialists) both use a lot of open source, mainly scripting languages, databases and web servers.

    However, in both cases, anybody 'political' wouldn't actually dirty their hands with 'software' AND software engineers wouldn't dirty their hands with 'politics'.

    As for the 'report' it's basically self-promotion by the company in order to peddle its wares.
  • by jools33 (252092) on Friday February 06, 2009 @02:58AM (#26748943)

    In case I missed something there are multiple parties in the UK who will contest the next election - there are no certainties. Whilst the Tories may have a strong lead now in the polls anything could happen between now and the election.

  • by eof (33820) on Friday February 06, 2009 @03:08AM (#26749005)
    Fortify Software is not exactly a neutral party for conducting studies of the fitness of FOSS for enterprise software use. Half its Board of Directors have ties to enterprise software and service corporations like PeopleSoft, Sybase, Oracle, and Microsoft. I think I might get a second opinion.
    • by Kjella (173770) on Friday February 06, 2009 @04:09AM (#26749237) Homepage

      I don't think you need a big anti-OSS conspiracy for this one. If you asked them "So if we went with closed source, we wouldn't need your products?" you can damn well bet they'd say you need their product to "enhance" your security then as well. It's just another piece of "If you do this, you need us. If you do that, you really need us. And if you do THAT, you REALLY need us." product placement to sell their own products and make a buck. That the board of a software company is full of people from other software companies is hardly surprising.

      • Re: (Score:2, Informative)

        by eof (33820)

        Oh, I wouldn't go so far to label it a conspiracy, just an obvious conflict of interest.

        The fact that they themselves sell software that benefits from the results of a study that they themselves conduct just degenerates the whole thing into the realm of the ludicrous.

  • by Lord Bitman (95493) on Friday February 06, 2009 @03:48AM (#26749159) Homepage

    I've yet to be in an enterprise which uses enterprise-level change control.

    Working for one of the world's largest commercial companies: Closest thing to "source control" was a rigorous automated backup process across network shares.

    Working for a small commercial company which sold commercial data processing tools for some of the world's largest commercial companies, and the U.S. Military, and various parts of the U.S. Government: Closest thing to "source control" was laws requiring our code be held in escrow for every release. We routinely released completely untested versions and claimed that it was a re-build of the same sources. Eventually management was convinced to start using source control after asking if anyone had an old copy of a file lying around and I quickly produced it from my local repository. Just before I left, I brought up the issue of segmentation faults and memory corruption, and was told "we can't avoid signalling if we're given bad inputs".

    Working for possibly the largest I.T. Company in the world, processing data for the U.S. Government: One person in charge of source control. No branching allowed. Occasionally heard complaints from the guru that people were overwriting each-other's changes. Never heard the word "security" mentioned at any point. Found out I could get a root shell and modify anyone else's source code by passing bad parameters to the reporting system.

    • by Tony Hoyle (11698) *

      That's true - we can go into a company consulting about configuration management and the most the company knows is often some low level programmer that's downloaded TortoiseCVS and liked it. And these are companies that are interested enough to pay us.

      (which is often 'we want to use version control' which is like saying 'teach us to use spanners!' - it then takes a couple of days of training for them to work out what they want to actually *do* with it.).

      • only a couple of days? I've been versioning various things for years and /still/ don't know what I actually want to do with it :)

  • by buggy_throwback (259436) on Friday February 06, 2009 @04:04AM (#26749213) Homepage
    Then why use it for your website? http://toolbar.netcraft.com/site_report?url=http://www.fortify.com [netcraft.com]
  • I don't want my tax-money to be used to fatten the coffers of corporate giants. They'll use the money to lobby against my fair use rights.
  • From FTA:

    US outfit Fortify Software has come up with research to prove it.

    I'm willing to bed that the company in question has promised a large political donation, and this article has been seeded to make sure it all looks like a rational decision when the Torys wangle them a huge IT contract in return.

    Every SINGLE friggn' political issue I ever get involved with, before long I realise: it's big business throwing money at corrupt politicians - and the politicians gladly take it. That IS politics now - the gi

    • by cheros (223479)

      Well, as long as the sheep keep getting fed the same entertainment about how New Labour's Gordon Brown "takes responsibility" and has to "rescue the world" from basically the mess the party has helped creating (the bit that curiously never makes it into the press) and then go to vote with glazed over eyes I don't think much will change.

      I'm perpetually bemused by a country that once produced astonishingly clever engineering and was at the forefront of the industrial revolution and that seems now more or less

  • by damburger (981828) on Friday February 06, 2009 @04:28AM (#26749337)

    Showing that a statistically insignificant number of Java applications failed a test by a proprietary system which nobody is allowed to decompile so they can reproduce the results.

    Hmm. Perhaps I am being a crotchety old science traditionalist, but the definition of the word 'research' seems to have changed of late.

  • "What makes this criticism interesting is that this is an attack on the policies of what will certainly be the next British government â" it's unusual for a party to be criticised like this before it comes to office."

    No it isn't. In fact it's incredibly common. They do it face to face every week with Prime Ministers Questions. These debates get incredibly heated and they're constantly slagging off each others' policies. Outside of parliament the papers continue attacks on policy, as do the talking head

    • by Tony Hoyle (11698) *

      I reckon the order will be economy, crime, immigration*, education with the rest just thrown out there at random.

      Depending on which statistics look most favourable (or can be twisted) the order will change.

      Whether the tories can finally outlive the thatcher legacy remains to be seen.

      * Got to keep the Daily Mail readers on-side, after all they're a huge chunk of the voters. Of course saying unpleasant things about foreigners then loses them a huge chunk of other votes.. so they may not make it so high prior

  • I've just sent an email to the Conservative Party (via their website) telling them that they are right, stick to their guns. I've told them we are a small UK developer who rely on OSS from major vendors to deliver a cost effective product, and that they should repond to criticism from people who simply stand to lose business by pointing out their lack of independence. I encourage others to do the same. I'm not a Conservative, I'm a long haired pinko (all right, on the right wing of the Lib Dems actually) bu
    • by ranulf (182665)

      I've just sent an email to the Conservative Party (via their website) telling them that they are right, stick to their guns. I've told them we are a small UK developer who rely on OSS from major vendors to deliver a cost effective product

      Then surely you've misread the article. They are arguing against OSS saying that it is insecure and slow to be patched.

  • It's an indication of how IT is going to be a battleground in the future general election.

    No it isn't. You may be interested in FOSS. I am, a bit. But 99.99% of the public counld't spell FOSS, let alone know what it is.

    If the proles are interested in anything beyond football, crappy reality shows and getting drunk, their main politiocal concerns are the job and housing markets, and maybe food prices & immigration.

  • Why hasn't this story been fixed? The title says that the Conservatives have been criticised, and the summary says that Labour has been criticised by the Conservatives. You don't even have to be familiar with the facts to see the contradiction.
  • by mormop (415983) on Friday February 06, 2009 @01:39PM (#26754789)

    That this is the best evidence so far that Microsoft's new carey, sharey nice image is basically what many people have assumed it to be, i.e. bullshit.

    The scenario is nothing new. Bring in a friendly company, get them to slate the competition and then brag about how an "independent" analyst has found something meaningful. Similarly, as usual, the people who don't care still won't care, the whole thing will be forgotten and FOSS will continue to gain ground as those who know its true value will continue to use and propagate it.

    The important thing is to remember that we're still dealing with the same selfish, power hungry, lying, money grabbing, unethical, amoral, shower of shites that we were 5 years ago.

Our business in life is not to succeed but to continue to fail in high spirits. -- Robert Louis Stevenson

Working...