I'd like to second your comments both about the role of open source software and about Microsoft's behavior to date in using FUD to battle open source in key government markets.
However, I'd also like to add something about the role of developers and other Microsoft partners in this effort. In general people who make their living selling or supporting systems using Microsoft software have an interest in perpetuating the market's perception of the company and its software as all pervasive. On the positive side that leaves them motivated to say good things about Microsoft products but, on the negative side, it also creates a general motivation to denigrate open source and a particular one to hide or deny its relative importance in computing.
In the sad but true category I can understand people who set up Apache to self report as IIS in the context of an engineering division I once worked with where local management responded to an all IBM purchasing strategy out of head office by reselling IBM gear and putting large IBM labels on the Vaxes they got in exchange.
By itself, underreporting of open software use isn't harmful and may even have positive effects; the denigration side of the coin, however, is all harm and no benefit.
One particular form of this, security related FUD, is shaping up to be central to the battle for control of the US federal government market. You mention the nonsense about open source being openly available and therefore easily attackable, but the more subtle attack is coming from another direction entirely.
That direction is exemplified by a recent SANS Institute report co-sponsored with the FBI in which the SANS Institute reports that the top twenty internet vulnerabilities are evenly split between Unix and Windows. You may have seen my initial writeup of this in Linuxworld.com but it's the follow-up work that's relevant here.
There appears to be a concerted move by security software vendors and their institutes and affiliates (almost all of whom appear to be either Microsoft partners or Microsoft sponsored) to separate security issues into two piles:
- the Microsoft Windows pile; and,
- an "all others" pile labelled Unix or Open Source
Aberdeen Group, for example, recently delivered itself of a Microsoft funded press release announcing that Open source has more security problems than Windows - a finding based on 16 of 29 recent CERT alerts not pertaining only to Microsoft products during a period in which Microsoft released 61 emergency alerts.
You may not think of a ten year old proprietary Oracle based application running on Solaris as Open Source, but it counts as Unix for the press release and if people like me point out the absurdity of this afterwards; well, the damage is already done.
And that's where you come in. Perhaps it's time to go beyond your story here - good as it is, it doesn't go far enough - and turn the O'Reilly publicity machine loose on clearing up FUD of all kinds - but focusing on lies and omissions in the service of spreading security FUD among the naive.