Why does every agency do it's own evaluation of the same software? Why can't one agency like NIST or NSA do careful security and functional evaluation of things like operating systems and browsers and make that available to the rest of the country?
For example, why don't we have a custom browser that controls scripting, cookies, and other risks which we distribute government wide? This would be faster, more effiencent, safer, cheaper, etc., etc. We could account for mission specific and agency specific difference via secure plugins (similar to how good browsers like Firefox and Chrome do now).
It boggles my mind that we are constantly re-inventing the wheel and have hundreds of different ways to solve the same problem (all at the taxpayer expense).
It's downright embarassing actually.