I could spend a great deal of time discussing the pros and cons of this DHS program, but I won’t. I will remain largely altruistic in my interpretation. Penetration testing is good. Exposing vulnerabilities is good. Hopefully remediation is taking place and the private sector is becoming more aware and more secure.
OK, I lied. Here is a little pessimism Hopefully, these assessments are taking the place of strong internal processes and hopefully they are not being used as a rubber stamp to avoid other sound security practices.