Software Developers in Kenya.

https://www.youtube.com/watch?v=R-KD9JgdEaI

I’m watching the above, on how KPLC was being fleeced, and it’s obvious that software developer(s) left a lot of loopholes in the system.
My question is, isn’t it a matter of good practice to have an independent software audit before doing any implementations?

Companies either don’t want to pay for a system audit, or procurement tells you to give him the money for the audit.

I’m hoping the Kenya Power saga will be a wake-up call to parastatals and all publicly traded companies.

This seems like a business process issue; DCI should not be consulting on how a company sets up their systems.
No system is perfect; it’s always a balance between efficiency/usability and security.

This is a function of quality assurance. Either it wasn’t done effectively to test whether the use cases were fit for purpose or it simply wasn’t done at all.

How does QA function when the software is being developed internally vs. when outsourcing, and how is the QA sourced?

QA is mostly an internal function, but in the above case such issues are mostly business process issues and are mostly picked up by external auditors. Bias is a big challenge when developing systems, be it software or just ordinary business workflows, and an outside view is necessary just to give a different perspective.

But Kenya has most employees who are just out to defraud, and in such cases it does not matter how robust the systems are; if you have guys in, say, finance, IT, QA etc. ganging up to steal, it becomes very hard to control that. At the end of the day trust is vital.

If no money was lost, DCI would not have any role. In this case, it was proven that cash got into the pockets of third parties… So it is theft and DCI has a role… I believe they haven’t even scratched the surface.

It was painful and embarrassing listening to these guys giving details of what happened, and what made me bang my head is the fact that KPLC took its customers through hell when the breach was on their side.
What do you guys think of this whole scenario?

KPLC is a rogue parastatal that thrives on stealing from clients blatantly… Should be broke. Down to smithereens

It’s going to be a wake-up call. The bosses will now want private loopholes set up for them.

A wake-up call on the negative, dang!!!

You’ll be walking into procurement and asking, “How much should I leave you for looking the other way so that you give me the tender?”

“You just put in a Cayman Islands loophole, we’ll be grateful.”

Picture this. The system does not even collect logs. I mean, they designed it to be for stealing.

Loopholes are good for business. It’s in the interest of the management that there be loopholes.

I think the DCI just did not know where to look for logs. I would expect the investigative authorities not to rely on a system-generated log; rather, they should dig in and find the logs they want. I find it funny that DCI would even comment on that. It’s like cops complaining that a thief did not take a selfie at a crime scene; they should look for fingerprints and such, not depend on what a criminal provides.

:smiley:

Just poor best practices. Well set-up technical teams know how to balance and prioritize the output between business requirements, user experience and system integrity. In KPLC’s case none of this was adhered to.