
Defense Secretary Ash Carter Releases Hack the Pentagon Results - aburan28
http://www.defense.gov/News/News-Releases/News-Release-View/Article/802929/defense-secretary-ash-carter-releases-hack-the-pentagon-results
======
dmckeon
Perhaps .mil and .gov will quickly scan the rest of their systems for the same
set of vulnerabilities, but I fear it is more likely that they will spend
months in the RFP and contract process, and get around to scanning systems for
the _same set_ of vulnerabilities 1 or 2 fiscal years from now.

~~~
dmckeon
The defense.gov story has much more detail than the phys.org version I was
working from.

http://phys.org/news/2016-06-hack-pentagon-reveals-flaws.html

defense.gov: _Starting this month, DoD is embarking on three follow-on
initiatives. First, will be the development of a vulnerability disclosure
process and policy for DoD so anyone with information about vulnerabilities in
DoD systems, networks, applications, or websites can submit it to the
department without fear of prosecution. Next will be the expansion of bug
bounty programs to other DoD Components, in particular the Services, by
developing a sustainable DoD-wide contract vehicle. Lastly, incentives will be
included in our acquisition policies and guidance so that contractors practice
greater transparency, and open their own systems for testing - especially DoD
source code._

