this post was submitted on 28 Jan 2026
169 points (99.4% liked)

Canada

11731 readers
579 users here now

What's going on Canada?

Related Communities

🍁 Meta

🗺️ Provinces / Territories

🏙️ Cities / Local Communities

Sorted alphabetically by city name.

🏒 Sports

Baseball

Basketball

Curling

Hockey

Soccer

💻 Schools / Universities

Sorted by province, then by total full-time enrolment.

💵 Finance, Shopping, Sales

🗣️ Politics

🍁 Social / Culture

Rules

  1. Keep the original title when submitting an article. You can put your own commentary in the body of the post or in the comment section.

Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage: lemmy.ca

founded 5 years ago
MODERATORS
otter@lemmy.ca
mp3@lemmy.ca
otter@piefed.ca
mp3@piefed.ca
169
petition for secure coding in federal software (lemmy.blahaj.zone)
submitted 1 month ago by not_IO@lemmy.blahaj.zone to c/canada@lemmy.ca
8 comments fedilink hide all child comments
 

post: https://infosec.exchange/@SheHacksPurple/115969320363063711

petition: https://www.ourcommons.ca/petitions/en/Petition/Details?Petition=e-7115

you are viewing a single comment's thread
view the rest of the comments
[–] panda_abyss@lemmy.ca 25 points 1 month ago (3 children)

I’m not sure how I feel about this one.

I generally want fewer contractors building government software, and more in house talent.

We definitely over pay on this.

that being said, security is important, and I do want us to balance that vs adding more hoops to get things done.

[–] Taldan@lemmy.world 8 points 1 month ago

The devil will always be in the details. How they implement the requirement will decide if it is a good or a bad thing

That being said, secure coding practices is generally the most efficient way to improve security posture these days

Anecdotally, having met Tanya a few times, she knows what she's talking about. I'm optimistic if she's helping shape the legislation

[–] avidamoeba@lemmy.ca 3 points 1 month ago

I generally want fewer contractors building government software, and more in house talent.

We definitely over pay on this.

100%. The incentives and interests of private firms and their employees are different than those of gov't agencies and their often unionized workforces.

[–] corsicanguppy@lemmy.ca 3 points 1 month ago

I work as a contractor alongside regional gov contractors.

These people were outsourced with their jobs to an external company - think IBM - who maintains the unionized employees and does the circus around TPS reports and timesheets. They either went with their jobs or they were laid-off, and the gov got to move some numbers over to OpEx from Payroll. Woooo for the optics win?

Fast forward. Now 18 years later, same staff except for retirement and a mild exodus after some toxic micromanager explored the Dead Sea Effect (who left when his policies were frustratingly over-ridden by the CoVid WFH change). The employer who outsourced them pays 5% less, has a worse contract for after-hours and workload, and is actively looking to downsize for the same optics again (our pro-people government is cosplaying fuckwit conservatives here) with more work given to the leftovers.

Yes, the original employer does pay a premium on top of the wage for the contract staff, but that's lost to the management and especially redundancies with the segregation. Staff gets that nickel more, due to the worse contract the I sourced got. But, like the CBC, staffing and knowledge isn't lost when the regime changes.

That's my point. Yes, there's a lot of pork lost in the gov<->corp interface because corps are shit. But it's not all cut-and-dried, since in this case the corp (changed hands 3 times, same staff. Same middle-mgmt as outsourced with them) provides more stability than the unionized original employer, and a contract with better work-life balance and WFH.

Don't kill them all. This one wins on cost-benefit, IMHO.