Regarding the leak of gun owner details, being blamed on SAP... er, I think our gov't is hiding behind "the supplier took the blame". But where does the responsibility lie? With the gov't. Not the contractor. Those sorts of excuses don't deserve sympathy or forgiveness from the people.
@lightweight I get your point but don't entirely agree. There is a duty of care and trust put into the hands of the contractor and the expectation - particularly of large corporates - that their product is safe. Yes the agency in charge should have done a security audit. But I respect SAP for owning up on this. Can you imagine the uproar if this had happened under a small local firm? It would have sunk them
@ByronCinNZ Yup - but my point is that "outsourcing" shouldn't be seen as a way to dodgy culpability (that seems the main rationale for outsourcing of tech services in general). We need an incentive for Ministers to be smarter about providing tech services. I suggest that the *right* way is for gov't to fund #FOSS development of these solutions, allowing for competition between service providers for any given service. The current "gift a monopoly" to a supplier approach is broken.
@ByronCinNZ also, ultimately, the big corporates like SAP aren't actually worthy of their scale... that's true of all the corporates. They use market distortions, supported by gov'ts, to achieve their scale, not their greater competence.
@lightweight Yes. The outsourcing comes too often with abandonment of expertise in subject matter the agency is charged with overseeing. That combined with the managerialism attitude that views anything technical as bellow the dignity of important people and you really set the stage for corporate rip-offs and failures. Gov't needs to retain (and respect) enough expertise to know that they are getting what they need and what they pay for from suppliers.
@lightweight That requires more transparency than typically practiced. FOSS provides such transparency. With big corporates and their proprietary IP protections, it has been my experience that even security audits that a gov't may preform are limited. you kind of just have to trust them to have shared everything needed. Not a good situation. Leaves me wondering why we even allow anything but FOSS
@ByronCinNZ Yup. Imagine if the NZ gov't funded the development of a #FOSS gun licensing tracing system... and then told the US - "here, this worked for us. You can just use it. It's Free". And it would also give NZ some nice tick marks for its Digital 9 Charter membership... https://www.digital.govt.nz/digital-government/international-partnerships/the-digital-9/
@ByronCinNZ Hell yes .Well said.
@ByronCinNZ My humble suggestion is described in some detail here: https://davelane.nz/fixing-government-it-procurement - in short, the gov't needs to mandate that all IT solutions procured comply with vendor-neutral, royalty-free open standards.