We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.
We did not want to contact FlyCASS first as it appeared to be operated only by one person and we did not want to alarm them.
They are the company, running the thing. You are going to alarm them a whole lot more by going to the damn DHS. Like, I think DHS and TSA probably do need to know about this, but why not start with the actual intimately responsible party?
I also didn’t understand the logic here. Why did they “did not want to alarm them”? Is it because a one-person company can simply fix the issue and not report to any other authority? What is the rationale behind it?
I’m sorry, but WTF is