Comment by ChrisRR
5 years ago
I think any defense agency would've looked at his code if it were so easily hacked and not awarded him anything
5 years ago
I think any defense agency would've looked at his code if it were so easily hacked and not awarded him anything
Sadly, no. V&V in defense projects are often short on evaluating security in any meaningful way. It’s mostly theater, show you ran a couple of security assessments or have a code review process that includes checking for buffer overflows and you’re fine.