[OGRUG] " departments are concerned about security"

[Tyler Smith]

On Tue, Aug 9, 2016, Abdool Yasseen wrote:
> >> Just a point to note when thinking about applying freeware in institution
> >> settings,
>
> Still, I can imagine how this issue may make a few directors nervous.

They may be nervous, but this is due in large part to conflating the
concepts of freeware and Free Software.

Freeware is typically a binary executable of unknown provenance, and
frequently contains malware. The developers are unknown, and there is
little risk to them if their program does bad things to the users'
computers.

Free Software is software for which the source code is available, and
typically is developed in an open and transparent way. In many cases
(including R), the developers are well-known and respected domain
experts. While it's unlikely an average R user has the time or expertise
to validate the security of the code they use, there are many expert
users that do. Furthermore, the domain experts behind it would risk
their reputations and careers should they engage in anything nefarious. 

It would be possible to use R as an infection vector, but the effort
required to entice a naive user into running malicious R code would be
far greater, and the target group far smaller, than a standard phishing
email scam. On the other hand, there are many serious benefits to using
Free Software, some of which are detailed in the links Joseph provided.

Best,

Tyler