“The testing program, which was partly motivated by three cybersecurity incidents at the department in the last year, began with software “we thought was pretty rock-solid,” DOT CIO Vicki Hildebrand said. “[W]e were pretty sure we wouldn’t find vulnerabilities. And we did.”
“A team of researchers from security-testing company Synack carried out the assessment of the DOT software, which uncovered flaws in commercial products and networked systems. DOT’s security team worked with Synack to promptly fix the vulnerabilities, according to Mark Kuhr, Synack’s co-founder and CTO.”
“I was there for my first three months and I had a few cyber incidents that I had to address,” she said, adding that the episodes highlighted the need for a…” Read the full article here.
Source: Spurred by security incidents, DOT goes looking for its software flaws – By Sean Lyngaas, September 7, 2018. CyberScoop.