relevant section from the twitter whistleblower release:
Software Development Life Cycle (SDLC): An SDLC is a uniform process to develop and test software, and a basic best practice for engineering development at commercial companies. Twitter's need to implement an SDLC was more than a best practice, it had been required since the 2011 FTC Consent Order and reported regularly to the Board of Directors. In or around May 2021, Mudge instructed that the Board Risk Committee receive accurate data showing that the company only had a template for the SDLC, not even a functioning process, and by Q2 2021 that template had only been rolled out for roughly 8 to 12% of projects.
Why does the government require development cycles for private companies?
it was part of a consent decree caused by Twitter's previous violations of FTC regulations, so like in lieu of prosecution they agree to certain shit
Lmao. “You violated the law. The punishment is that you have to actually do work”
looks like they also had to pay $150m but I don't know if that ended up sticking
just to follow up, here is the actual consent decree with more background info:
https://www.ftc.gov/news-events/news/press-releases/2011/03/ftc-accepts-final-settlement-twitter-failure-safeguard-personal-information-0
and in a more digestible form, the DoJ's press release about it:
https://www.justice.gov/opa/pr/twitter-agrees-doj-and-ftc-pay-150-million-civil-penalty-and-implement-comprehensive