A website used by companies to register and bid on government contracts through the US General Services Administration (GSA) was shut down for repairs after one user reported that the site allowed him to view and potentially change bids by other vendors.
The GSA's eOffer/eMod site is used by vendors that want to do business with the US government and enables them to electronically prepare and submit their applications. The site is expected to be back in operation this week.
The security problem was discovered before Christmas by a Web software development company when it tried to resubmit an application to become a government vendor.
On further investigation, the user found he was able to access other vendors' applications, including bid data, pricing, personal contact information, and confidential financial data. The information could also be downloaded and potentially changed before being uploaded back to the website.
These online bidding sites for government contracts are a great idea. But how many of them are secure, and more importantly, who is responsible for testing them? Are UK government contract bidding sites any more secure than this?