• Feyd@programming.dev
    ↑ 31 · 2 days ago

    ??? This is about giving Chinese nationals root access to US military IT systems to save money. It’s actually terrible opsec and should be a way worse scandal.

    • DominusOfMegadeus@sh.itjust.works
      ↑ 15 · 2 days ago

      Yes, but we wouldn’t want to fly in the face of our tradition of letting Microsoft off scot-free for severe governmental security breaches, would we?

    • UnderpantsWeevil@lemmy.world
      ↑ 5 ↓ 11 · 2 days ago

      > This is about giving Chinese nationals root access

      Not how software development works. I don’t have root access to every production system because I can submit pull requests to a Dev instance of the code.

      > It’s actually terrible opsec

      One of the principles of FOSS is that you shouldn’t need security through obscurity. Knowing how a system works won’t compromise its integrity if the security protocols are sound. Having third parties participate in a project shouldn’t compromise the project if the lead developers are doing proper code review and QA. A system that is predicated on being a black box to a hostile government in order to maintain security is rigged for failure.

      But, more importantly, the idea that a foreign government can only obtain information on the inner workings of a system when people of that national origin work on the project is severely shortsighted. Do you genuinely believe there aren’t significant numbers of domestic American developers of European ancestry who wouldn’t happily sell access to a foreign government for the right price? Do you genuinely believe there aren’t numbers who could be gulled into exposing the inner workings of their software inadvertently?

      Nothing about Hegseth’s complaint improves operational security. He’s hinging his whole worldview on the notion that every other white person at Microsoft is as much of a nationalist as he pretends to be.

      • Feyd@programming.dev
        ↑ 12 ↓ 3 · 2 days ago

        I’m sorry but you just straight up don’t know what incident is being discussed here. Go look it up instead of talking about unrelated bullshit.

        • UnderpantsWeevil@lemmy.world
          ↑ 4 ↓ 6 · edited · 2 days ago

          > U.S. personnel with security clearances supervise foreign engineers, including those in China

          Again, working on a codebase doesn’t give you access to the production systems. Neither does being Chinese affect whether you are a reliable third party contractor.

          If the workers were supervised and the supervisors were competent, there was no real security risk. Both of those are the big “Ifs” though. And that’s why doing layers of outsourcing creates risks regardless of who you’re outsourcing to.

          • Feyd@programming.dev
            ↑ 11 · 2 days ago

            The supervisors did not have the expertise to know what the foreign workers were doing, otherwise there would not have had to be 2 workers in the first place. And the foreign workers were not just writing code - they were doing sysadmin. On DoD systems.

            I don’t know how to make it any more clear to you, but it’s completely obvious to anyone that actually understands these things that this was terrible opsec, and obviously not how any reasonable person would expect a DoD contract to be managed.

            • UnderpantsWeevil@lemmy.world
              ↑ 1 · 22 hours ago

              > The supervisors did not have the expertise to know what the foreign workers were doing

              If that’s the case, then the work should be in-house.