those contracts take years to tender and likely have huge clawback clauses. I doubt that Labour got into power and immediately signed contracts for things like this. More likely it was more expensive to stop it.
me typing “sudo !!” instead of rewriting the shell command undoes this.
yes so you’re agreeing with me
Yup, but you have to think “how would malicious software/spyware/whatever get in our source code and if it does, how would we detect it?”
that’s where ISO and SOC II add value and give some assurance that detective, preventative and corrective controls exist and are working to prevent an issue.
If the company maliciously inserts back doors into closed source code and sells it like that, no amount of external audit is going to defend against that because they’ll just hide the code from the auditors.
the closest you’ll get is probably SOC II Type 2 or ISO 27001. While nowhere near perfect, those certifications validate that organisational controls such as change management, employee background screening, SDLC and production access controls functioned over the past 12 months. An external audit by an accredited specialist is required to obtain those certifications.
Nadia is a high school cheerleader who fell into a portal and now gets to dress up as a princess every day