• panda_abyss@lemmy.ca · ↑ 25 · 10 days ago

    I’m not sure how I feel about this one.

    I generally want fewer contractors building government software, and more in-house talent.

    We definitely overpay on this.

    That being said, security is important, and I do want us to balance that vs adding more hoops to get things done.

    • Taldan@lemmy.world · ↑ 8 · 10 days ago

      The devil will always be in the details. How they implement the requirement will decide if it is a good or a bad thing.

      That being said, secure coding practices is generally the most efficient way to improve security posture these days.

      Anecdotally, having met Tanya a few times, she knows what she’s talking about. I’m optimistic if she’s helping shape the legislation.

    • Avid Amoeba@lemmy.ca · ↑ 3 · 10 days ago

      > I generally want fewer contractors building government software, and more in-house talent.
      >
      > We definitely overpay on this.

      100%. The incentives and interests of private firms and their employees are different than those of gov’t agencies and their often unionized workforces.

    • corsicanguppy@lemmy.ca · ↑ 3 · 10 days ago

      I work as a contractor alongside regional gov contractors.

      These people were outsourced with their jobs to an external company - think IBM - who maintains the unionized employees and does the circus around TPS reports and timesheets. They either went with their jobs or they were laid off, and the gov got to move some numbers over to OpEx from Payroll. Woooo for the optics win?

      Fast forward. Now 18 years later, same staff except for retirement and a mild exodus after some toxic micromanager explored the Dead Sea Effect (who left when his policies were frustratingly overridden by the COVID WFH change). The employer who outsourced them pays 5% less, has a worse contract for after-hours and workload, and is actively looking to downsize for the same optics again (our pro-people government is cosplaying fuckwit conservatives here) with more work given to the leftovers.

      Yes, the original employer does pay a premium on top of the wage for the contract staff, but that’s lost to the management and especially redundancies with the segregation. Staff gets that nickel more, due to the worse contract the I sourced got. But, like the CBC, staffing and knowledge isn’t lost when the regime changes.

      That’s my point. Yes, there’s a lot of pork lost in the gov<->corp interface because corps are shit. But it’s not all cut-and-dried, since in this case the corp (changed hands 3 times, same staff. Same middle-mgmt as outsourced with them) provides more stability than the unionized original employer, and a contract with better work-life balance and WFH.

      Don’t kill them all. This one wins on cost-benefit, IMHO.

  • lemmy_outta_here@lemmy.world · ↑ 22 · 10 days ago

    This is great.

    The other petition I would gladly sign is to stop using MS Azure cloud for all of Canada’s confidential / protected information. Microsoft has already admitted to the EU that they would hand over any country’s data if ordered to do so by the USA - even when that data is stored outside of the US. Microsoft is not that different from Huawei, it turns out.

    • corsicanguppy@lemmy.ca · ↑ 3 · 10 days ago

      This petition should absolutely already cover non-sovereign clowd corps and their claims of sovereignty while still being absolutely vulnerable to secret CLOUD ACT challenges from American agencies who these days look really unethical.

      This petition definitely should be leveraged to get us off these shysters and their surveillance of our private data and comms.

  • JakenVeina@midwest.social · ↑ 4 · 10 days ago

    “Secure coding.” I worry this is just a case of someone pushing for Rust or Rust-equivalents. Which is, like, good in spirit, but really misrepresents the investments it takes to actually achieve “security.”

    • Steamymoomilk@sh.itjust.works · ↑ 3 · 10 days ago

      And all the cyber security and red teamers screamed

      “SECURITY IS NOT A TOOL OR A PROGRAM SECURITY IS A MINDSET AND A CONSTANTLY EVOLVING WAR”