We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.
I also didn’t understand the logic here. Why did they “did not want to alarm them”? Is it because a one person company can simply fix the issue and not report to any other authority? What is the rationale behind it?
I also didn’t understand the logic here. Why did they “did not want to alarm them”? Is it because a one person company can simply fix the issue and not report to any other authority? What is the rationale behind it?