Sadly, no. V&V in defense projects are often short on evaluating security in any meaningful way. It’s mostly theater, show you ran a couple of security assessments or have a code review process that includes checking for buffer overflows and you’re fine.