Comment by mrb

6 years ago

That's right. If I had to bet who was incompetent, Coalfire or the state agency, my bet is on the latter. The state agency probably didn't understand/read the full contract or maybe some internal miscommunication through hierarchy led to confusion about what was or wasn't allowed in the pentest. I'll be waiting for Coalfire's press release, which will probably confirm the contract did allow physical pentest...

This is dealing directly with the government. I doubt we ever hear of this again if the government screwed up.

No way Coalfire would embarrass a client if they can avoid it.

I feel bad for the contractors who now have arrest records. They are the victims here.

  • > This is dealing directly with the government. I doubt we ever hear of this again if the government screwed up.

    Exactly. We won't hear of it. They do work all across the US in the state and federal space. It's too lucrative to give up to shame them into submission publicly. Privately, sure.

    > I feel bad for the contractors who now have arrest records. They are the victims here.

    Well, they've been arrested. So their clearances have been yanked already, as per standard for Confidential/TS/SCI. Unless they can get complete restoration, including expungement of the arrest, and admission of unlawful arrest, they're done in federal/state infosec.

Coalfire just released their statement and, yup, I was right: «Coalfire and State Court Administration believed they were in agreement regarding the physical security assessments for the locations included in the scope of work. Yet, recent events have shown that Coalfire and State Court Administration had different interpretations of the scope of the agreement» https://finance.yahoo.com/news/coalfire-comments-penetration...