Feeds

BCS Linux-baiting sparks flame war

Dad's Army hit by sweary Marys

The Power of One Infographic

An article on open source security has sparked off a furious backlash in the normally polite and businesslike world of a British Computer Society journal.

Commentards have reacted furiously to a piece by Steve Smith, managing director of IT security consultancy Pentura, in the July Edition of ITNow. A lengthy first response by Luke Leighton takes the article apart paragraph by paragraph and contains a dozen expunged swearwords. The opening line of the 4,000 word rebuttal, for example, reads "the BCS is supposed to be a reputable organisation, yet this article - every paragraph - is complete [DELETED]."

The "censorship" of Luke's swearing provoked a fresh round of protests.

Meanwhile, other readers criticised the article as being a "disappointing and unnecessarily biased article, to the point of being misleading" and worse. Part of the problem is that the article was not properly distinguished from being either an analysis or an opinion piece.

If it was properly flagged as an opinion then perhaps some of the criticism about unsupported assertions might have been avoided, or at least reduced.

Commentards pulled few punches in laying into the article. Open source security is a contentious issue. In covering the subject I myself have been at the receiving end of adverse criticism, some well merited and some not, so I have some sympathy for the author.

Smith's apparent central premise - that neither closed or open source software are inherently superior from a security perspective - isn't by itself especially contentious or controversial. But the headline chosen "Can open source be secure?" sets the wrong tone and his argument contains little or no substantiation, leaving him wide open to criticism. Part of the article tips over and appears to suggest that closed source is more secure because the underlying source code is secret, a security by obscurity argument given short shrift by commentards. Several accused Smith of being either misinformed or hopelessly biased.

The BCS acknowledged the criticism in a post on the comments thread provoked by Smith's article.

The open source vs proprietary software debate is always a heated one. We have asked the author of the article to respond to the reader criticism.

BCS is absolutely against censorship, but as a professional organisation we have a responsibility to remove expletives, profanity and any comment which could potentially be construed as libellous from our site. The original comment has been replaced with all deletes highlighted; we apologise for any upset the initial editing may have caused.

The anonymous Reg reader who brought the criticism of the piece to our attention wonders why comment wasn't solicited from the BCS Open Source Specialist Group (OSSG), which would be able to supply a well-informed opinion on the subject.

Mark Elkins, chair of the OSSG confirmed it had not been contacted and expressed regret at this oversight. Elkins told The Register that his main regret was that BCS members might go away from the article in the mistaken belief it ought to be read as the professional organisation's considered view on the subject of open source security, instead of an opinion.

"The post at http://ossg.bcs.org makes it clear that the BCS Open Source SG (OSSG) were not contacted about the articles in ITNow," Elkins explained. "Whilst OSSG is run by its members ITNow is run by full-time BCS staff. As so many articles appeared at once - effectively creating a theme on OSS - I think there was an obligation to involve OSSG. Unfortunately that did not happen, which is a shame because OSSG cannot possibly validate what it is has no knowledge of.

"Having read the articles in ITNow it is not fully clear to me what status they have. For example are they meant to be opinions, mini-case studies that are intended to reflect the state-of-the-art, or whatever. The reader is given no guidance on this. A danger is that they might be seen as the BCS view or BCS advice on Open Source.

"If OSSG had been contacted then we would undoubtedly made changes to what appeared. For example one of our Committee members Andrew Katz is a qualified solicitor acknowledged to be an an expert on Free and Open Source Software (FOSS) whose input would have added clarity to legal and other issues."

We contacted Pentura on Monday to ask how Smith plans to respond to the article but are yet to hear back. So it's unclear whether Smith will respond to his critics or whether ITNow will address the subject by some other means, perhaps by inviting Elkins and other members of the BCS Open Source group to submit a better informed and researched article on the subject of open source security. ®

Seven Steps to Software Security

More from The Register

next story
Whoah! How many Google Play apps want to read your texts?
Google's app permissions far too lax – security firm survey
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
OpenWRT gets native IPv6 slurping in major refresh
Also faster init and a new packages system
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.