I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:

🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👮 "Digital escorts" often ex-military with minimal software engineering backgrounds are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻‍♂️

The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy

If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec

Vandaag (#DocumentFreedomDay) online: de volledig vernieuwde keuzehulp Open Publiceren: https://openpubliceren.nl/

Open Publiceren (@openstate en @forumstandaardisatie) is een praktische keuzehulp bij het kiezen van het juiste bestandsformaat voor open en leveranciersonafhankelijk publiceren van overheidsinformatie en -data.

Lees het nieuwsbericht: https://www.forumstandaardisatie.nl/nieuws/keuzehulp-open-publiceren-volledig-vernieuwd

#OpenOverheid, #OpenStandaarden, #Woo, #Who, #DigitaleAutonomie

@minbzk @developer @opennl

Op donderdag 26 maart vindt de eerste bijeenkomst van Platform Internetstandaarden van dit jaar plaats.

Op de agenda staan onder andere:

1. E-Mail-Sicherheitsjahr 2025 van @bsi (https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Leistungen-und-Kooperationen/EMSJ/EMSJ_node.html)

2. DMARCaroni / @dmarcaroni (https://dmarcaroni.org/)

3. Accreditatieaanpak en Dutch Alternatives-website van #DutchCloudCommunity (https://dutch-alternatives.nl/)

1/2

RE: https://mstdn.social/@swheritage/116272142405742756

"France and Germany are moving beyond the “altruism” of the early open-source movement, reframing it as a matter of national autonomy. Stéphanie Schaer, The Interministerial Directorate for Digital Affairs in France (DINUM), highlighted Tchap—a secure messaging app used by 400,000 civil servants—as proof that the state can break its dependency on “monopolistic IT solutions” by investing in the digital commons."

#OpenSource #SWH10