Out of Africa: More Microsoft FUD
Published 10:57, 02 October 12
One of the most heartening developments recently has been Africa's current embrace of computer technology. That includes open source: for example, Nigeria has been running an open source conference for several years now, and the Kenyan government is starting to deploy free software widely.
Sadly, this increasing interest in open source has called forth something far less welcome: Microsoft FUD against it:
Last week, the [Kenyan] Government issued a warning that in the next three years it will move its IT operations to Free and Open Source Software (FOSS), a move that will reduce cost by more than half in IT expenses.
Microsoft said the move is risky and bound to make Government systems more vulnerable to hackers.
Oh, really, and why would that be?
Owino [Technology advisor, Microsoft East and Southern Africa] said through the Free and Open Source Software the State might find it hard to hold anyone accountable should its systems be hacked
“Just like other players in the copyrighted software, we are accountable when our software is hacked, the case is different with the non-copyrighted software,” he said.
Well, where shall we start? Open source software is "non-copyrighted software"? Well, even for FUD, that's pretty outrageous, since the open source approach works precisely because it uses copyright to ensure the code is freely shared.
Open source more vulnerable to hackers? Well, not according to security expert Bruce Schneier:
As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice.
So what about that claim that Microsoft is "accountable when our software is hacked"? Well, I don't see Microsoft rushing to pay the billions of dollars that flaws in its code costs companies around the world: no accountability or sense of responsibility whatsoever there.
And when it comes to how quickly vulnerabilities are patched, there's this:
Though open source applications had almost as many source code vulnerabilities upon first submission as proprietary programs, researchers found that they contained fewer potential back doors than commercial or outsourced software and that open source project teams remediated security vulnerabilities within an average of 36 days of the first submission, compared to 48 days for internally developed applications and 82 days for commercial applications. Not only were bugs patched the fastest in open source programs, but the quality of remediation was also higher than commercial programs.
Veracode’s study confirms the research and anecdotal evidence into the security benefits of open source software published over the past decade. According to the web-security analysis site SecurityPortal, vulnerabilities took an average of 11.2 days to be spotted in Red Hat/Linux systems with a standard deviation of 17.5 compared to an average of 16.1 days with a standard deviation of 27.7 in Microsoft programs.
It's great to see Africa starting to explore the benefits of open source not only as a way of rolling out software more cheaply than would be the case for proprietary programs, whose Western pricing makes them particularly costly for emerging nations, but also as an effective means of building up a vibrant indigenous software industry that is not based simply on shovelling lots of money to the US.
However, it's sad to see that Microsoft seems to have learned nothing from its earlier, unsuccessful attempts to spread FUD about open source, and seems intent on recapitulating that shabby and rather pathetic history in Africa too.