The problem with a line of reasoning that includes secret evidence we'll never get to see is that it can be used to support any conclusion whatsoever.
Inasmuch as it's a guide for other agencies, they'd be better served by OWASP recommendations. It's not clear what anyone could do with a report like this. I don't see any great takeaways that one could add to the next revision of their STIG. There are no 0-days for an IAVA.
As long as we're going for pure speculation, I think that Kim Dotcom hired Ukranian hackers and I could potentially find weak circumstantial evidence by going through a timeline of his Tweets. I seem to remember that he had foreknowledge of some of the items to be leaked, though that could've been pure BS and I didn't really investigate it at the time. He also has motive based on this administration's treatment of him.
Interesting theory about Dotcom. He knew something. I also think that Wikileaks has more material than they released and that Dotcom knows it. His tweets during October suggest that he was expecting something more to drop. It could have been BS, as you say, but I think he knew something.
Inasmuch as it's a guide for other agencies, they'd be better served by OWASP recommendations. It's not clear what anyone could do with a report like this. I don't see any great takeaways that one could add to the next revision of their STIG. There are no 0-days for an IAVA.
As long as we're going for pure speculation, I think that Kim Dotcom hired Ukranian hackers and I could potentially find weak circumstantial evidence by going through a timeline of his Tweets. I seem to remember that he had foreknowledge of some of the items to be leaked, though that could've been pure BS and I didn't really investigate it at the time. He also has motive based on this administration's treatment of him.
EDIT: Found it -
https://www.bloomberg.com/politics/articles/2015-05-14/kim-d...