Or, "a lie gets halfway around the world before the truth has a chance to get its pants on" (Winston Churchill).
The headline was the subject of a blog post last week and referred to alleged vulnerabilities in SuiteCRM.
Let's just tackle this head-on: there is no vulnerability to be addressed here. This is a sensationalist article. It is irresponsible, duplicitous and mendacious.
There is a protocol for reporting vulnerabilities that all responsible technology companies follow – you alert the authors of the software first to give them time to fix the flaw. If they don't fix it, then you go public. In a bid to gain headlines, this idiot flouted that protocol. Dumb move. Even dumber is that there is no truth in his sensational headline. He's a dumb, attention-seeking, malevolent, unprofessional fool.
One question is “what's the motive for this?” The answer is straightforward: YetiForce has a forked version of Vtiger, a second-rate open source CRM, that they publish under an open source license that is not recognised by OSI (Open Source Institute). They have little traction and less credibility. By publishing slanderous claims against established and properly constituted open source projects, they hope to gain publicity. They probably have, so maybe it's job done for them in the short term. But this is a marathon and not a sprint...