by danso
3920 days ago
I encourage people to check out 18F's GitHub repos...there's a lot of useful tools and libraries, for starters. And then there's full projects to learn from, such as APIs and front-facing static sites. I don't know if they use any other kind of project manager besides GitHub Issues, but their projects have among the most active Issues activity...it seems that the USDS/18F team uses them as project discussion rooms that also happen to be public...as they should be for government, public-facing work. And they accept pull requests from the public...here's one I made to make their style guides more readable on mobile/non-traditional browsers: https://github.com/18F/content-guide/pull/43 They talked about it amongst themselves (in public) and then merged it in. I know that's par for the course for most industry teams...but not for the federal government. Think about all the regulations and CYA guidelines (cover-your-ass) that have built up over the years that would've made accepting code, or any input, from a total outsider, to be...not a priority. A few years ago I remember finding a very obvious, easily fixable XSS vulnerability across all of the Department of Homeland Security sites...not only was it hard to find a point of contact, but I was pretty much ignored until I sent emails to US-CERT, and then also threatened to have a tech journalist write about it. With the USDS projects, it's a completely different paradigm to work via systems like GitHub. At the very least, you can more easily take credit for suggestions/fixes you made.

I think if I were in this situation today, I just wouldn't say anything. Being ignored would be one of the good outcomes; I'd be terrified of getting chucked into court for being a "HACKER AGAINST HOMELAND SECURITY."