I know the professor who did the review. He sent a mail explaining what actually happened, as opposed to what is shown by the mayor's website. The actual report will not be finished until August, so whatever you are seeing is not the complete report. What you are seeing is a preliminary result concerning a specific part of the system.
Unfortunately, even after the actual report si finished, the university will not have permission to make it public. So we may never see the real results.
The report is signed by him, so it's safe to say that report is an accurate recollection of what happened according to him.
Having a report on the security of a system be issued months _after_ it is used is completely stupid. This is not simply his fault, it's the entire arrangement which is stupid.
The report shows that Righetti had access to the source code. Unless you are trying to say that he did not have access to the files in which _actual_ security vulnerabilities were found, or that the source code he was given was _different_ from the source code which was leaked, which contained egregious vulnerabilities.
Keep in mind he pockets hundreds of thousands of dollars in this arrangement. That's the part that adds insult to injury. Further, he does not teach information security or anything similar at university (he teaches networking), when there _are_ people teaching such things at UBA (FCEyN), who would have been better suited for the task.
Unfortunately, even after the actual report si finished, the university will not have permission to make it public. So we may never see the real results.