Yikes, I don’t want to live in a world where calling bullshit is “obviously rude” but I’ll bite.
> Pen tests are a requirement for any vendor doing business with the gov.
What does this prove? SolarWinds, Colonial Pipeline (maybe more relevant here), etc.
Your search link doesn’t include anything about extensive penetration tests ensuring the security of these devices. That’s the claim. Where is the evidence?
Also, calling someone’s knowledge “out of date” is a, dare I say, rude assumption. But judging by your assurance in the security of government contractors I’d say your opinions are quite naive :)
> Yikes, I don’t want to live in a world where calling bullshit is “obviously rude” but I’ll bite.
Sadly, this is an is/ought problem. I don't want to live in a world with poverty and war either, but that doesn't make it fact.
> What does this prove? SolarWinds, Colonial Pipeline (maybe more relevant here), etc.
The point of pen tests is not to guarantee perfection. There are also ways to sweep things under the rug if those in charge are so inclined. But the existence of those things doesn't mean pen tests aren't done, or that nobody cares about security.
> Your search link doesn’t include anything about extensive penetration tests ensuring the security of these devices. That’s the claim. Where is the evidence?
Did you look at either of the first two hits? The first four indeed are evidence that the government does pen tests. The first hit is a government department that solely exists to do penetration tests[1]. The second one called "PENETRATION TEST GUIDANCE" is all the rules regarding how penetration tests must be done[2].
Ok your turn for evidence. What evidence do you have that all of those things are fake? Or that none of the compliance officers actually check it?
> Also, calling someone’s knowledge “out of date” is a, dare I say, rude assumption.
You're right, I apologize for doing that. I actually thought that was more charitable than the other possibilities, but it doesn't add anything to the discussion so should have been left out.