Time To Bid On GSA Contract For Better Bidding Security

from the security,-who-needs-it? dept

If you sell products to the government, then you’re most likely intimately familiar with the General Services Administration (GSA) and the fun process involved in dealing with them. A year and a half ago the GSA introduced a new computer system for contractors to submit bids — in a goal “to improve effectiveness and efficiency in government.” Considering that many of the contracts being bid on have to do with computer security systems for the government, you would think that they would spend a little time making sure the system was decently secure. You’d be wrong. As a security firm who was trying to sign up discovered, once you’re in, you basically have full access to everything in the system just by changing the number of the document you were looking at. This is pretty basic stuff that most web programmers learned to avoid early on. Of course, it gets better. It sounds like the system has no security at all. Not only can you see other documents, you can edit them. On top of that, each document has the unique identifier of that particular contractor — meaning you can sign into the system as that contractor and do whatever you want as them. So you could see what others were bidding on projects, submit fake bids or change the bids of others — all pretty easily. As the guy who discovered the problem, Aaron Greenspan, president of Think Computer, says: “Theoretically, one could have started a bidding war between Boeing and Lockheed Martin, or Dell and Gateway, or changed the terms of their existing contracts.” Yup. Government efficiency on display.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Time To Bid On GSA Contract For Better Bidding Security”

Subscribe: RSS Leave a comment
1 Comment

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...