Spurred by security incidents, DOT goes looking for its software flaws
The Department of Transportation has recently completed a set of thorough security tests on software used in the Transportation Secretary’s office, yielding surprising results about the software’s vulnerabilities. The testing program, which was partly motivated by three cybersecurity incidents at the department in the last year, began with software “we thought was pretty rock-solid,” DOT CIO Vicki Hildebrand said. “[W]e were pretty sure we wouldn’t find vulnerabilities. And we did.” A team of researchers from security-testing company Synack carried out the assessment of the DOT software, which uncovered flaws in commercial products and networked systems. DOT’s security team worked with Synack to promptly fix the vulnerabilities, according to Mark Kuhr, Synack’s co-founder and CTO. Hildebrand, a former executive at Hewlett Packard Enterprise, said she wanted to expand the testing program to other parts of DOT’s vast IT enterprise. “There’s going to be a team approach to whacking these [vulnerabilities] as […]
The post Spurred by security incidents, DOT goes looking for its software flaws appeared first on Cyberscoop.
Continue reading Spurred by security incidents, DOT goes looking for its software flaws