
US military purchased $32.8m worth of electronics with known security risks - ga-vu
https://www.zdnet.com/article/us-military-purchased-32-8m-worth-of-electronics-with-known-security-risks/
======
londons_explore
So what?

All software either has known vulnerabilities, or likely has unknown
vulnerabilities.

Purchasing software in either state is fine in my mind. Not requiring such
vulnerabilities are fixed, or not requiring a security team hunt for more
vulnerabilities, is the offence here.

------
ksaj
I'm assuming this means they did a risk analysis, and have planned appropriate
controls to mitigate the risks they found.

A risk and a vulnerability are not the same thing.

