Comment by merrvk

There's not anything obviously wrong with using WordPress for publishing documents like this - they are meant to be public after all.

The problem was essentially that, through a misconfiguration, they published it early.

"On the reason for the early publication, Prof Martin said it was related to the software the OBR chose to publish to its website, which was more suitable for a small or medium company than a major publication of critical market-sensitive data."

Using WordPress plugins (with the exception of a limited sub-set) is like chewing gum you find on the sidewalk.

A technical oversight fail at multiple levels.

This is a reasonable question. I mean yeah it’s supposed to be made public anyway, but evidently there is a non-trivial amount of interest invested in its contents by people who don’t usually qualify when we think of “the public”. Otherwise what would be the big deal?

My guess is that the team responsible for this didn’t anticipate or at worst were not informed of its value to particular groups of people, at least not to a degree that would’ve warranted extra security measures.

In huge org's, doing computer-related stuff the "right" way often involves so many meetings, sign-offs, and miles of red tape that your grandchildren would die of old age before anything actually got done.

Vs. if you just let Will and Pete do it in WordPress (or on Facebook, or such) then needed tasks might actually be accomplished.

There's a UK government policy to try and use open source, they even have a github profile https://github.com/alphagov

It's not sensitive information. It's public information.