While “user experience” may have been improved, security expert David Kennedy insists there has been no improvement to data security, and the rapid pace of the fixes may have even made matters worse.
“It doesn’t appear that any security fixes were done at all,” Kennedy said. “They said they implemented over 400 bug fixes. When you recode the application to fix these 400 bugs—they were rushing this out of the door to get the site at least so it can work a little bit—you’re introducing more security flaws as you go along with it because you don’t even check that code.”
Kennedy, CEO of the security consultancy TrustedSec, testified before Congress recently about the security lapses he found after conducting a fairly routine, low-intensity penetration test of the government-run website, saying that the developers took little to no care in producing a secure portal.
“I’m a little bit more skeptical now, and I would still definitely advise individuals to not use the website because it’s definitely something that I don’t believe is secure and neither did the four individuals that testified in front of Congress,” Kennedy continued.