Time To Bid On GSA Contract For Better Bidding Security

from the security,-who-needs-it? dept

If you sell products to the government, then you're most likely intimately familiar with the General Services Administration (GSA) and the fun process involved in dealing with them. A year and a half ago the GSA introduced a new computer system for contractors to submit bids -- with the goal "to improve effectiveness and efficiency in government." Considering that many of the contracts being bid on have to do with computer security systems for the government, you would think that they would spend a little time making sure the system was decently secure. You'd be wrong. As a security firm that was trying to sign up discovered, once you're in, you basically have full access to everything in the system just by changing the number of the document you're looking at. This is pretty basic stuff that most web programmers learned to avoid early on. Of course, it gets better. It sounds like the system has no security at all. Not only can you see other documents, you can edit them. On top of that, each document has the unique identifier of that particular contractor -- meaning you can sign into the system as that contractor and do whatever you want as them. So you could see what others were bidding on projects, submit fake bids or change the bids of others -- all pretty easily. As the guy who discovered the problem, Aaron Greenspan, president of Think Computer, says: "Theoretically, one could have started a bidding war between Boeing and Lockheed Martin, or Dell and Gateway, or changed the terms of their existing contracts." Yup. Government efficiency on display.
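The control missing from the system described above is a per-object ownership check on every read and write. The sketch below is an added example, not code from the GSA system or the original post; the document store, field names and `Forbidden` exception are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass
class Document:
    doc_id: int
    owner_id: str  # hypothetical: contractor account that owns the bid
    body: str

# Constructed sample data, not taken from the GSA system.
DOCS = {
    1001: Document(1001, "contractor-a", "Bid A: $1.20M"),
    1002: Document(1002, "contractor-b", "Bid B: $1.35M"),
}

class Forbidden(Exception):
    """The caller may not access the requested document."""

def get_document_insecure(session_user: str, doc_id: int) -> Document:
    # The flaw the post describes: being logged in is treated as enough,
    # so session_user is never compared with the document's owner, and the
    # full record (owner identifier included) goes back to the caller.
    return DOCS[doc_id]

def _authorize(session_user: str, doc_id: int) -> Document:
    doc = DOCS.get(doc_id)
    # Same error for "does not exist" and "not yours", so responses do not
    # reveal which document numbers are in use.
    if doc is None or doc.owner_id != session_user:
        raise Forbidden(f"document {doc_id} not available")
    return doc

def get_document(session_user: str, doc_id: int) -> dict:
    doc = _authorize(session_user, doc_id)
    # Return display fields only. Identity comes from the server-side
    # session, so no account identifier needs to travel in the document.
    return {"doc_id": doc.doc_id, "body": doc.body}

def update_document(session_user: str, doc_id: int, new_body: str) -> None:
    # Writes pass through the same ownership check as reads.
    _authorize(session_user, doc_id).body = new_body
```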

Reader Comments


  • Andrew Strasser, 13 Jan 2006 @ 7:19am

    Best people for the job.

    That would go to show they were the best people for the job though it would be safe to assume as they knew everyone's operational status and exactly what they needed to do.


