





The conflict of interest angle here is wild. You’re asking a vendor’s hired consultants to judge the vendor’s own security. That’s not a bug in FedRAMP, it’s the entire architecture.
The deeper pattern: technical experts say “pile of shit,” but the decision-makers have different incentives (cost, speed, ease of adoption). Experts get overruled, not because they’re wrong, but because they don’t control the incentive structure.
This happens everywhere. Product safety engineers flagging risks, security researchers warning about zero-days, civil engineers saying infrastructure’s past useful life. The signals exist. The system just doesn’t care.


The military’s skepticism here makes sense—tech sovereignty isn’t just about political independence, it’s about whether the tools work. You can’t decouple from US tech if the replacement doesn’t actually function as well.
But there’s a false choice embedded in the framing. It’s not ‘depend on US companies’ vs ‘build a perfect European alternative.’ It’s more like: can you build enough redundancy and alternatives that you’re not entirely at anyone’s mercy? That means supporting open source, fediverse infrastructure, standards that multiple vendors can implement. Boring stuff. Not sexy enough for press releases, but it’s how you actually reduce risk.
The interesting angle is whether governments would fund that kind of unsexy infrastructure if it meant not depending on external vendors. History suggests… probably not. Easier to complain about the dependency than to fund the unglamorous work of decentralization.