Or, “a lie gets halfway around the world before the truth has a chance to get its pants on” (Winston Churchill).

The headline was the subject of a blog post last week and referred to alleged vulnerabilities in SuiteCRM.

Let’s just tackle this head on: There is no vulnerability to be addressed here. This is a sensationalist article. It is irresponsible, duplicitous and mendacious.

Irresponsible

There is a protocol for reporting vulnerabilities that all responsible technology companies follow – you alert the authors of the software first to give them time to fix the flaw. If they don’t fix it, then you go public. In a bid to gain headlines, this idiot flouted that protocol. Dumb move. Even dumber move is that there is no truth in his sensational headline. He’s a dumb, attention-seeking, malevolent, unprofessional fool.

Duplicitous

One question is “what’s the motive for this?” The answer is straightforward: Yetiforce has a forked version of Vtiger, a second rate open source CRM, that they publish under an open source license that is not recognised by OSI (Open Source Institute). They have little traction and less credibility. By publishing slanderous claims against established and properly constituted open source projects, they hope to gain publicity. They probably have, so maybe it’s job done for them in the short term. But this is a marathon and not a sprint.

Mendacious

Other words I could use to describe the article and its author include fraudulent, insincere, deceitful, perfidious, lying or fallacious. Can I make it any clearer? I invite them to sue me if I am wrong.

The Truth

We are just picking over the bones of the latest SuiteCRM vulnerability and penetration tests. We commission a well-known, third-party software security consultancy to audit SuiteCRM several times a year. We act on the output and address the vulnerabilities. All the changes that need to be made in this and every scan we commission find their way into SuiteCRM in a timely fashion. We take security very seriously.

The world of open source does not benefit from the kind of shameful behaviour indulged in by Yetiforce.