Why you can trust us

Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products.

Homeland Security will hack you if asked nicely

Uncle Sam knows that the best defense is a good offense.

With how many data breaches companies have suffered as of late it makes sense that the Department of Homeland Security is starting to do its own whitehat hacking work. It's done at the request of "critical infrastructure" outfits, and based on a report from KrebsOnSecurity it all sounds pretty thorough too: operating systems, databases and web apps are all apparently targeted by the DHS' Risk and Vulnerability Assessment service. But that's not all.

The program also tests employees with social engineering to get an idea of how they'd react to phishing attempts. There's a ful report to go along with this too. Perhaps most damning? Over half of the weak spots discovered were either high or critical in terms of their severity. Ouch. But, 99 percent of federal Heartbleed vulnerabilities were cleared up in three weeks. There are plenty more facts like those in the National Cybersecurity Assessment and Technical Services 2014 report (PDF). And of course if you want pretty deep analysis on the whole situation, make sure to read Krebs' take.