The aftermath of the recent Microsoft Azure hack by suspected PRC actors.

What is the solution to this? Make sure cloud services are open source so they can be independently vetted? If government and corporate entities chose to use open source solutions, most are presented “as is” with no warranty.

  • MonochromeLadybug
    11 months ago

    Governments should be required to only use open-source software and host their own servers

    As a citizen, I appreciate this sentiment. As a government employee, it’s misguided at best.

    Governments compete with the private sector for skilled IT labor, but the take-home compensation for government jobs often doesn’t compare to private, and even retirement contributions and other benefits aren’t much better, leaving fewer and less skilled applicants to government jobs, since they don’t want to take a pay cut. This leads to a situation where employees that are hired to government don’t have the basic skills to maintain servers or host their own systems. Open source is seen as a naughty word, because if the person maintaining an open-source system leaves, finding a qualified replacement will be near impossible. Oftentimes, contractors run complex platforms because the internal talent just isn’t present within the government’s staff. This leaves governments to rely on the most common tooling, which is unfortunately Microsoft/Adobe/Oracle/SAP dominated, in order to have hope of finding candidates capable of maintaining existing systems and expanding new features/tools. The public doesn’t have any desire to increase taxes in order to pay for a more skilled public sector workforce, so we’re stuck in this Microsoft and crappy closed source dominated environment. It really sucks to live with on a daily basis, because I know there’s so much great OSS out there, but the people surrounding me are completely incapable of getting it running and keeping it running.