• The Bard in GreenA
    256 days ago

    Having done cyber security consulting for space startups (which are ALL DoD adjacent), the worst perpetrators of bad security practices, shadow IT and poor data hygiene are… drum roll…

    The business guys in senior management.

    What happened with Hegseth and Signal wasn’t a shock to me. If you put someone like Hegseth in charge of something like the DoD, it’s exactly what I would expect to happen.

  • Boomer Humor Doomergod
    76 days ago

    “The fact that the department currently lacks visibility into the origins and security of software code hampers software security assurance.”

    These idiots don’t know what an SBOM is

  • Ascrod
    56 days ago

    If anything, I would think DoD has a vested interest in protecting and supporting open source software so shit like xzutils doesn’t happen again.

    • @mic_check_one_two@lemmy.dbzer0.com
      56 days ago

      They can’t secretly compel the devs to add backdoors to their FOSS.

      I mean, they could try. But that dead canary would be discovered as soon as anyone bothered to check the merge history.