Having read the solicitation, its pretty clear this was as much about N-days (N<180) and CVE->exploit conversion, and the intent was for the red team to simulate attackers on the Navy’s own network, not for tools to attack others.
It was also specifically a small business solicitation, so something smaller than the typical defense contractors who are responsible for the bulk of the toys in the spys’ toolkit.
Meanwhile, back at the farm…
Great work, NSA!
Wait, don’t they prosecute people who reveal these vulnerabilities? Nice try, Navy, but the white hats are staying home this time.
You mean Navy, right?
No, I meant NSA. I was responding to Crenquis’ post, which is about … oh, heck, read it for yourself.
This topic was automatically closed after 5 days. New replies are no longer allowed.