[scohesc]

You'd think that a lot of the allegations of foreign interference in the 2016 election would have been recalled in the past couple of months and the Iowa Democratic Party would have openly welcomed the DHS' security testing of the app to ensure minimal foreign meddling.

[eropple]

I think that the folks handling this software project screwed up plenty, but I also don't know if I'd fault them for not going anywhere near DHS. Given the way the current administration has shamelessly attempted to corrupt pretty much every institution it touches I think the political compromise of DHS is something that opposing parties should be factoring into their threat models.

Architecture, performance, and security reviews? Definitely should've happened. DHS? Ehh.

[GVIrish]

Recent history has proven out time and time again that all sorts of organizations that should know better about securing their applications and data, absolutely don't. Just look at the Equifax breach or the OPM breach for examples.

For whatever reason, many, many people in positions of leadership have a hard time properly evaluating and mitigating risk when it comes to cybersecurity. Even when it's obvious that risk can absolutely destroy their organization.