Why does my worry about bureaucracy have to mean I want to be the victim of identity theft? I understand and agree with the value of good security practices. I just worry that assuming all software is insecure unless some very complicated and "iron clad" contracts exists and are independently validated. It's a recipe for a very inefficient society.

I actually worry that this mindset of adversarial relationships make it MORE likely for your identity to be stolen.

I don't think there is too much software a government agency will buy that I wouldn't like to see pen tested. By it's nature government is often dealing with sensitive data.

I'm not sure why having standards that should be met around software testing would make my data less secure. Weve seen leak after leak and so frequently it's some basic issue caused by massive incompetence, or more often, by decision makers cutting corners to make a quick profit.