[protastus]

When negligence is so bad that it looks like sabotage from a hostile agent, then criminal investigations are needed to learn more about the people who did it, the others who enabled it, and deter similar future acts.

DOGE did a lot of bad things, but it didn't force anyone to commit credentials to a repo, disable scanners to get away with it, and then make the repo public.

[andrewflnr]

> When negligence is so bad that it looks like sabotage from a hostile agent

It doesn't though. There's no actual evidence for anything beyond negligence. The "sabotage" angle is just speculation in the vain hope that surely people this stupid don't work for the US government.

[protastus]

We doesn't need a signed affidavit on GitHub to trigger an investigation.

This already crossed the line of reasonable suspicion. The investigation is where evidence gets collected.

Who knows what other improper behavior these people have engaged in and what other secrets they have leaked, intentionally or by side effect.

[andrewflnr]

By all means, investigate. But it shouldn't be a criminal investigation without sufficient evidence.

[thuridas]

DOGE was the culture of let's do things fast!!

I can imagine CISA reducing personal and subcontracting work to some cheap company to save money