by thingexplainer 3529 days ago
I agree, I never meant to imply that I thought contractors were less loyal. I appreciate the depth of your responses and hope I haven't given offense.

There are just so many of them that it projects the attack surface of the DoD out; now you can attack contractors which aren't as tightly regulated, and they might hire people to, say, build their website that aren't even cleared. So now I can steal some web dev's credentials and pivot towards classified networks.

1 comments

No offense taken. And yes, external contractors can pose additional security vulnerabilities since they are not always under the same security policies on their own machines. I know that some departments are changing things so all work must be performed on government equipment with government source control on internal networks. If my client does this I will definitely quit. I am already pretty burned out on the work (their policy is all internal projects must be in ColdFusion).