This is a summary of an already quite short memo, with a mention of DOGE glued on the end.
RugnirViking · 12h ago
"Arrington also noted that the use of open source software "presents a significant and ongoing challenge," with a lack of visibility into the origins and security of software code particularly troubling."
What? This is like backwards. They went to pay more for proprietary software which they can't look at because being able to see the code makes it harder to know it's origins and security???
saltcured · 11h ago
There's a whole line of security thinking that is hard to understand from an open source perspective. I struggle to give it a charitable interpretation, but would say it tries to ensure code provenance and traceability of changes back to design requirements. I think this comes from a bureaucratic need to manage risk and liability concerns when the reality is that you can't really prove most code is correct or fit for purpose.
When I am being more cynical, I'd say it is a form of regulatory capture. It creates moats where you cannot hope to compete and be in compliance as a small organization or loose federation of hobbyists. You need big budget, big organization scale to possibly deliver on all the process requirements alongside actual software development. And, I think there is a feedback loop where vendors of enterprise software security tooling are successfully warping the idea of what best practices and due diligence look like, so managers and compliance officers keep thinking they have to shovel more layers onto this to protect themselves.
apercu · 9h ago
Yep, it’s about making someone else accountable for your compliance (i.e., a specific vendor with deep pockets).
It’s never actually about security.
cosmicgadget · 10h ago
I trust no one else to take a broken system like DOD acquisitions and re-break it in a way that financially benefits loyal elements of the M-IC.
colanderman · 12h ago
> The DOD's statement […] has a ring of DOGE to it. Musk's efficiency department has already saved billions across the US Government's various agencies, with the DOD already said to have saved a cumulative and not-insignificant sum of around $6 billion to date.
Why include this unprompted and uncritical parroting of Trump regime propaganda? Beside that the "savings" are undocumented at best and in many cases simply made-up [1], slashing important services is "savings" the same way that not changing your car's oil is "savings".
What? This is like backwards. They went to pay more for proprietary software which they can't look at because being able to see the code makes it harder to know it's origins and security???
When I am being more cynical, I'd say it is a form of regulatory capture. It creates moats where you cannot hope to compete and be in compliance as a small organization or loose federation of hobbyists. You need big budget, big organization scale to possibly deliver on all the process requirements alongside actual software development. And, I think there is a feedback loop where vendors of enterprise software security tooling are successfully warping the idea of what best practices and due diligence look like, so managers and compliance officers keep thinking they have to shovel more layers onto this to protect themselves.
It’s never actually about security.
Why include this unprompted and uncritical parroting of Trump regime propaganda? Beside that the "savings" are undocumented at best and in many cases simply made-up [1], slashing important services is "savings" the same way that not changing your car's oil is "savings".
[1] https://www.nytimes.com/2025/04/13/us/politics/doge-contract...