
Defense Data Breaches: Pentagon Must Hold Contractors Accountable - eaguyhn
https://www.bloomberg.com/opinion/articles/2019-04-18/defense-data-breaches-pentagon-must-hold-contractors-accountable
======
i_am_proteus
The Pentagon should move away from giving contractors checklists to complete
and start actively pentesting them before clearing them to do work.

"Security through bureaucracy" does not work.

~~~
toomuchtodo
This would help, but findings and audit reports aren’t enough. You need to
revoke clearances for pen testing findings that aren’t resolved in a timely
manner, or repeated failings. I would also like to see clawbacks and
penalties for data leakage, considering the sensitive nature of the data.

You get what you measure, incentives matter, and all those cliches.

