[acdha]

I know the HN discussion had some debate over that (https://news.ycombinator.com/item?id=28408399) but I definitely think there's a lot of good discussion about how to make these problems more tractable. Even in the .gov space, which does tend to treat security as something you can't just brush away, there's generally limited money and resources for actually shipping improvements and especially challenging are the issues of legacy apps (which probably require Congress to allocate money for replacements) and adequately staffing for O&M (contractors are usually a bad fit with lower continuity and restrictions on flexibility). Most of the breaches you hear about trace back to something which someone has been complaining about for ages but been unable to get support for actually fixing.