Hackers are set to demonstrate how to attack Dynamics GP in a presentation at the Black Hat Abu Dhabi conference this week. Tom Eston and Brett Kimmell were expected to unveil Project Mayhem, which a press release describes as "a proof of concept tool that makes accounting fraud easy and potentially undetectable ...."
The two work for SecureState, a company that specializes in information security. That comforting scenario is accompanied by the release of a white paper showing how the code lets attackers enter information into the accounting system in a way that is described as very difficult for technical security controls to detect. Asked for comment, Microsoft provided a link to a blog entry that states "There is not a security vulnerability in Microsoft Dynamics GP." However, that entry was written on May 24, 2010. It would have been surprising had Microsoft commented further, and an admission of a vulnerability would have been astounding. Project Mayhem was actually designed to assist penetration testers in performing attacks, and the white paper describes controls for countering each attack method. In the words of the statement, "The goal of a public release for this utility is to promote security awareness for accounting controls and ensure that stronger controls are put in place for Microsoft GP and other financial systems in the future."