Really interesting document, Peter Zatko (Mudge)’s whistleblower report to the US Securities & Exchange Commission, US Federal Trade Commission, and US Department of Justice as released (redacted) by his lawyers to US Congress is available on the web.
Full 84 page document
A pretty good view of highlights from that report is at
where Avid Halaby points out these details, among others:
* Twitter didn't monitor employee computers at all, it was not uncommon for employees to install spyware on work devices
* Twitter does not have separate development, test, staging, and production environments. At least 5,000 employees had privileged access to production systems.
* Twitter had no software development lifecycle, and misled both the FTC and its Board about this fact for a decade.
* Twitter did not keep backups of employee computers. They used to, but then the system broke, was never fixed, and execs decided this was good because it meant they couldn't comply with regulators.
I found Halaby’s Threadreader page, which linked ot the full report, from an item on Dennis Beatie’s Revolver News. https://www.revolver.news/