I do have an idea how “a difficult to kill, unwanted growth” could be put into relation to a war fueled by hatred.

All 3 systems use openssl and get attacked using Heartbleed.

(And even if they don’t reuse even a single piece of code, attackers can still just use multiple exploits.)

If the boss has no problem keeping it on the backlog forever, then apparently it isn’t an issue worth dealing with.

claiming the GDPR is good =/= claiming the GDPR is flawless

They didn’t say that either. Where do you get this idea from that they’re talking about (all) US news sites?

They said “American propaganda websites”. That may include some news sites. It may also not include some news sites.

The most you could infer from their statement is that only American propaganda websites violate the GDPR.

Of course websites exist that violate the GDPR and are not American propaganda websites.

But the vast majority of websites commiting severe violations of the GDPR that an average European encounters will be American propaganda websites.

(Believe it or not, Europeans don’t often visit websites written in Russian or Chinese.)

If they really needed to get around to doing that, the boss would’ve already hired another employee to do that task.

Not doing so implies that paying someone just for that task wouldn’t be worth it.

That does not change when a worker becomes available from somewhere else.