Everis is the typical meat grinder, and it is known for that in Spain.<p>Now, just as I'm writing this I'm sure someone from Everis will chime in to say he gets paid handsomely and works on amazing projects.<p>But everyone I've known working for Everis wants to die.<p>And if such a project had to land in Spain for political reasons, there are plenty of companies capable of taking on such a project with way better prospects.
> "which basically tricks organizations into spending a ton of money for installing Docker into a CentOS image without any cryptographic signature to verify the integrity of that image."<p>Ouch
Reading the start of this article reminded me of a somewhat unrelated thing I saw: I remember seeing a "tech influencer" YouTube video on how "Japan hasn't kept up with the west" when it comes to IT. Not to be super orientalist or whatever and assume Japan is doing better than the US in IT, but what should they do instead, go the US route and put everything on the cloud? Is that <i>better</i>?<p>I couldn't help it, it's literally in the article that this was part of the "NATO modernization" efforts. Perhaps whatever they had before would have failed too but it's clear that these "modernization" efforts aren't always better.
Favorite quote:
"(...) so that the information security community and the general public can judge the quality of your work, which basically tricks organizations into spending a ton of money for installing Docker into a CentOS image without any cryptographic signature to verify the integrity of that image."
> It will drive innovation and reduce operational costs by ensuring much greater reuse of capabilities.<p>I feel I have seen this vague promise on a lot of software projects that either failed or overran budget significantly.
An interesting data point is that Everis is owned (2014 acquisition) by NTT Data Group [1]; it provides consulting and outsourcing services and it doesn't have the greatest reputation.<p>1. <a href="https://www.everis.com/global/en/about-us" rel="nofollow">https://www.everis.com/global/en/about-us</a>
Not that I think internal efforts are always success stories, but outsourcing your identity and access management to the lowest bidder sounds like a recipe for disaster.<p>Who thought this would be a good idea? And why was any of this on internet-connected servers anyway?