DDOSBP
Company Details
Linkedin ID:
dod-osbp
Website:
Employees number:
51
Number of followers:
28,010
NAICS:
92811
Industry Type:
Homepage:
defense.gov
IP Addresses:
0
Company ID:
DEP_1135343
Scan Status:
In-progress
Department of Defense Office of Small Business Programs Company CyberSecurity Posture
defense.gov
Mission: To modernize the defense industrial base, accelerate acquisitions, and reestablish deterrence by reducing barriers for small businesses to supply our Warfighters with innovative solutions and critical services. Vision: Maximize opportunities for businesses to contribute to national security by providing combat power for our troops and economic power for our nation. Contact us at [email protected]
Department of Defense Office of Small Business Programs A.I CyberSecurity Scoring
DDOSBP Risk Score (AI oriented)Between 750 and 799
DDOSBP
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
DDOSBP Global Score (TPRM)XXXX
DDOSBP
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
DDOSBP Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
LibreOffice
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A critical security vulnerability, CVE-2025-1080, in LibreOffice was discovered, potentially exposing millions of users to remote code execution via manipulated macro URLs. The vulnerability, present in versions before 24.8.5 and 25.2.1, enabled attackers to bypass security protocols and execute arbitrary scripts, posing a significant risk to document collaboration workflows. The flaw was particularly dangerous in SharePoint-integrated environments, allowing attackers to embed malicious payloads in document-sharing links that could compromise networks without users downloading any files. The use of such links could lead to ransomware deployment or data exfiltration.
DDOSBP Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for DDOSBP
Incidents vs Armed Forces Industry Average (This Year)
Department of Defense Office of Small Business Programs has 16.28% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Department of Defense Office of Small Business Programs has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types DDOSBP vs Armed Forces Industry Avg (This Year)
Department of Defense Office of Small Business Programs reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 1 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — DDOSBP (X = Date, Y = Severity)
DDOSBP cyber incidents detection timeline including parent company and subsidiaries
DDOSBP Company Subsidiaries
Mission: To modernize the defense industrial base, accelerate acquisitions, and reestablish deterrence by reducing barriers for small businesses to supply our Warfighters with innovative solutions and critical services. Vision: Maximize opportunities for businesses to contribute to national security by providing combat power for our troops and economic power for our nation. Contact us at [email protected]
Loading...
DDOSBP Similar Companies
British Army
Joining the British Army, you’ll get much more from life than you ever would with a civilian career – you’ll have the opportunity to do something that really matters, with a team that are like family to you. The sense of belonging in the Army is next level: when you’ve trained with each other and ov
Marine Corps Recruiting
This is the Official LinkedIn Page of Marine Corps Recruiting. We make Marines. We win our nation's battles. We develop quality citizens. These are the promises the Marine Corps makes to our nation and to our Marines. The core values that guide us, and the leadership skills that enable us, not on
US Navy
The United States is a maritime nation, and the U.S. Navy protects America at sea. Alongside our allies and partners, we defend freedom, preserve economic prosperity, and keep the seas open and free. Our nation is engaged in long-term competition. To defend American interests around the globe, the U
United States Marine Corps
The United States Marine Corps (USMC) is a branch of the United States Armed Forces responsible for providing power projection, using the mobility of the United States Navy, by Congressional mandate, to deliver rapidly, combined-arms task forces on land, at sea, and in the air. The U.S. Marine Corps
U.S. Navy Reserve
MISSION Throughout all 50 states and around the world, the Navy Reserve force delivers real-world capabilities and expertise to support the Navy mission — building a more lethal, warfighting culture focused on great power competition. VISION The Navy Reserve provides essential naval warfighting cap
Canadian Armed Forces | Forces armées canadiennes
A career in the Canadian Armed Forces is more than a way to make a living. It’s a passport to a whole-life experience that will change you and allow you to change the lives of others. Join an organization that offers more than 100 different trades and professions. Obtain world-class qualification
Israel Defense Forces
The Israel Defense Forces (IDF) is the military of the State of Israel, responsible for the nation's defense and security. Founded in 1948, the IDF ranks among the most battle-tested armed forces in the world, having had to defend the country in six major wars. At the age of 18, men and women are
U.S. Air Force Reserve
The Air Force Reserve is an integral component of our Nation's air defense and military support network. Reservists bring knowledge, skills and expertise from their civilian experiences to support critical missions and training around the globe, while working alongside their Active Duty Air Force me
Department of National Defence/Ministère de la défense nationale
The Department of National Defence (DND) is a Canadian government department responsible for defending Canada's interests and values at home and abroad, as well as contributing to international peace and security. DND is the largest department of the Government of Canada in terms of budget as well a
.png)
DDOSBP CyberSecurity News
November 10, 2025 08:00 AM
DOD’s Cybersecurity Maturity Model Certification 2.0 Program Is Now Live
The Department of Defense plans to roll out the Cybersecurity Maturity Model Certification program in four phases over three years.
November 03, 2025 08:00 AM
Pentagon looks to get pulse of small businesses as CMMC looms
The Pentagon's small business office is polling companies about their readiness to meet the Cybersecurity Maturity Model Certification...
October 06, 2025 07:00 AM
How Does the Government Shutdown Impact the U.S. Industrial Base?
On October 1, the government shut down after Congress failed to appropriate funds for FY 2026. While some essential services continue,...
September 30, 2025 07:00 AM
Here’s a look at federal agencies’ shutdown contingency plans
As the government enters a shutdown, Federal News Network has compiled the need-to-know information from each agency's contingency plans.
September 22, 2025 07:00 AM
DoD Finalizes Cybersecurity Maturity Model Certification Rule: What Defense Contractors Need to Know
On September 10, 2025, the U.S. Department of Defense (DoD) published a final rule that will shake up cybersecurity compliance for DoD...
September 16, 2025 07:00 AM
New Cybersecurity Assessment Requirements for Defense Contractors Are Here
Categories: Regulatory. After years of starts and stops, the United States Department of Defense (DoD) has finished its roll-out of the...
September 16, 2025 07:00 AM
Watchdog finds DoD did not have sufficient data about Global Household Goods contract
In addition, TRANSCOM did not have full information regarding costs associated with the contract transition.
September 10, 2025 07:00 AM
With CMMC rule final, DoD focused on training, small business relief
The Pentagon's Cybersecurity Maturity Model Certification, or CMMC, requirements are set to go live in November after years of rulemaking.
September 08, 2025 01:38 AM
Katherine “Katie” Arrington
Ms. Katherine “Katie” Arrington is Performing the Duties of the Department of War Chief Information Officer. In this capacity, she serves as the primary...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
DDOSBP CyberSecurity History Information
Official Website of Department of Defense Office of Small Business Programs
The official website of Department of Defense Office of Small Business Programs is https://business.defense.gov.
Department of Defense Office of Small Business Programs’s AI-Generated Cybersecurity Score
According to Rankiteo, Department of Defense Office of Small Business Programs’s AI-generated cybersecurity score is 750, reflecting their Fair security posture.
How many security badges does Department of Defense Office of Small Business Programs’ have ?
According to Rankiteo, Department of Defense Office of Small Business Programs currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Department of Defense Office of Small Business Programs have SOC 2 Type 1 certification ?
According to Rankiteo, Department of Defense Office of Small Business Programs is not certified under SOC 2 Type 1.
Does Department of Defense Office of Small Business Programs have SOC 2 Type 2 certification ?
According to Rankiteo, Department of Defense Office of Small Business Programs does not hold a SOC 2 Type 2 certification.
Does Department of Defense Office of Small Business Programs comply with GDPR ?
According to Rankiteo, Department of Defense Office of Small Business Programs is not listed as GDPR compliant.
Does Department of Defense Office of Small Business Programs have PCI DSS certification ?
According to Rankiteo, Department of Defense Office of Small Business Programs does not currently maintain PCI DSS compliance.
Does Department of Defense Office of Small Business Programs comply with HIPAA ?
According to Rankiteo, Department of Defense Office of Small Business Programs is not compliant with HIPAA regulations.
Does Department of Defense Office of Small Business Programs have ISO 27001 certification ?
According to Rankiteo,Department of Defense Office of Small Business Programs is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Department of Defense Office of Small Business Programs
Department of Defense Office of Small Business Programs operates primarily in the Armed Forces industry.
Number of Employees at Department of Defense Office of Small Business Programs
Department of Defense Office of Small Business Programs employs approximately 51 people worldwide.
Subsidiaries Owned by Department of Defense Office of Small Business Programs
Department of Defense Office of Small Business Programs presently has no subsidiaries across any sectors.
Department of Defense Office of Small Business Programs’s LinkedIn Followers
Department of Defense Office of Small Business Programs’s official LinkedIn profile has approximately 28,010 followers.
NAICS Classification of Department of Defense Office of Small Business Programs
Department of Defense Office of Small Business Programs is classified under the NAICS code 92811, which corresponds to National Security.
Department of Defense Office of Small Business Programs’s Presence on Crunchbase
No, Department of Defense Office of Small Business Programs does not have a profile on Crunchbase.
Department of Defense Office of Small Business Programs’s Presence on LinkedIn
Yes, Department of Defense Office of Small Business Programs maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dod-osbp.
Cybersecurity Incidents Involving Department of Defense Office of Small Business Programs
As of December 02, 2025, Rankiteo reports that Department of Defense Office of Small Business Programs has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Department of Defense Office of Small Business Programs has an estimated 793 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Department of Defense Office of Small Business Programs ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
Incident Details
Can you provide details on each incident ?
Title: CVE-2025-1080 Vulnerability in LibreOffice
Description: A critical security vulnerability, CVE-2025-1080, in LibreOffice was discovered, potentially exposing millions of users to remote code execution via manipulated macro URLs. The vulnerability, present in versions before 24.8.5 and 25.2.1, enabled attackers to bypass security protocols and execute arbitrary scripts, posing a significant risk to document collaboration workflows. The flaw was particularly dangerous in SharePoint-integrated environments, allowing attackers to embed malicious payloads in document-sharing links that could compromise networks without users downloading any files. The use of such links could lead to ransomware deployment or data exfiltration.
Type: Remote Code Execution
Attack Vector: Manipulated macro URLs
Vulnerability Exploited: CVE-2025-1080
Motivation: Ransomware deploymentData exfiltration
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Manipulated macro URLs.
Impact of the Incidents
What was the impact of each incident ?
Incident : Remote Code Execution DOD405030625
Systems Affected: LibreOffice versions before 24.8.5 and 25.2.1
Which entities were affected by each incident ?
Incident : Remote Code Execution DOD405030625
Entity Name: LibreOffice
Entity Type: Software
Industry: Software
Customers Affected: millions of users
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Remote Code Execution DOD405030625
Entry Point: Manipulated macro URLs
Additional Questions
Impact of the Incidents
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Manipulated macro URLs.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info Page. This manipulation of the argument First Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 3.3
Severity: LOW
AV:N/AC:L/Au:M/C:N/I:P/A:N
cvss3
Base: 2.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There is no attempt to sanitize these arguments in the default configuration of this MCP server at the affected version (as of commit 2f3a5512 in September of 2025).
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in Qualitor 8.20/8.24. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 6.5
Severity: LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3
Base: 6.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=dod-osbp' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
