[kristinn]

Video of report at the source link.

[Antihero101607]

What difference, at this point, does it make?

[bigheadfred]

Memo Warned of "Limitless" Security Risks for HealthCare.gov

i remember that thread even though it was years ago...

[onona]

I’m a project manager. This is blatant BS. There is NO WAY this was not known unless the PM was asleep at the wheel or off doing crack with the mayor of toronto.

[ImJustAnotherOkie]

Note to CMS...Check your return codes!!!!!

[what's up]

The author of the security memo, Tony Trenkle, retired from CMS last week; no reason was given.

How convenient.

The person who authored the memo that Chao "never saw" is now out of the picture.

No doubt Jarrett told him to go into hiding.

[ClearCase_guy]

I fully agree with your assessment. This bit:

Chao said he was unaware of a Sept. 3 government memo written by another senior official at CMS. It found two high-risk issues

No. Absolutely not. Total BS. There is a risk manager. He knows all the risks. He reports the risks up the chain of command. For risks to -- instead -- be compartmentalized and kept hidden from the PM ... that's either a lie or an inconceivable level of managerial incompetence.

[grumpygresh]

According to federal guidelines, high risk means “the vulnerability could be expected to have a severe or catastrophic adverse affect on organizational operations ... assets or individuals.”

So this is what is meant by a catastrophic insurance policy. A policy devised by Leftists.

[MarkL]

Given the fact that the federal government requires organizations handling financial information to conform to SOX (Sarbanes Oxley) audits, and organizations handling health care information to conform to HIPPA audits, it sounds like the system developed (NOT JUST THE WEB SITE!!!) doesn’t conform to either.

In addition to that, any self respecting financial company, especially one that uses credit cards, is supposed to meet PCI security specifications ( https://www.pcisecuritystandards.org/security_standards/index.php )

What are the chances that any of these security standards have been met?

Mark

[Lmo56]

Either one of two things happened:

1. Henry Chao lied to Congress when he testified behind closed doors last week for 9+ hours. He stated that he never saw the memo and he had been told that there were no significant problems with the web site.

Or:

2. Chao was never shown the Trenkle memo [but his superiors were] and they realized that [if he was shown the memo], he would never sign off on the Oct. 1st release.

Its either one or the other ...

[Eagles6]

Isn’t it sad that this is getting exponentially more play than Fast & Furious and the IRS.

[Lazamataz]

Look, this is what I do for a living.

I am here to tell you something, Kristin.

I, personally, armed with a small team of equally skilled developers — maybe 3 to 5 — could have written the entire Obamacare website, tested, and secure, within three years.

NO way this thing should have costed what it did.

NO excuse for its failure.

This was not a web project, this was the laundering of millions of dollars to the Democrats.

Period.

[dearolddad]

Why not call the moron that wrote the memo and ask him who he addressed it to.

[Paine in the Neck]

"There is nothing to worry about. Everything is perfectly safe."

[cherry]

these nazis always have somebody else to blame don’t they.....