Software Security Suffers as Startups Lose Access To Google's Virus Data

Iain Thomson, writing for The Register: Security firms that use the Google-owned VirusTotal malware database but don't contribute to the silo are going to find themselves out on a limb. For the past 12 years, researchers have been feeding samples of software nasties into VirusTotal, allowing antivirus engines to check they can detect malicious code. But the site has seen an increasing number of security startups have been using the VirusTotal data without giving back. Now Google, and other contributors have had enough and have changed the terms and conditions of the website. Put simply, if you don't share samples, you can find your own malware elsewhere.From a Reuters report: The policy change at the information-sharing pioneer VirusTotal takes aim mainly at a new generation of security companies, some with valuations of $1 billion or more, that haven't been contributing their analysis. Older companies, some with market valuations much smaller than the upstart rivals, had pressed for the shift. "If they no longer have access to VirusTotal, their detection scores will drop," said Andreas Marx, chief executive of security software evaluation firm AV-TEST. With detection rates down, hackers will find easier entry.

Re:It's how Open Data works

[Immerman]

Seems like a pretty apt analogy to me. They were in BSD mode - give everything away with few (no?) strings attached. Then high-revenue parasites began to exploit the gift to the point that the givers could no longer compete effectively. So they switched to a sharealike license that requires downstream distros to contribute their own assets if they want to integrate the collective assets.

Of course the analogy breaks down since we're talking about a data collection used for pattern recognition, rather than source code, but every analogy breaks down if you look at it too closely, that's why it's called an "analogy" rather than "literal truth".