After a herculean effort to save the embattled Healthcare.gov insurance marketplace website, Health and Human Services (HHS) issued a report (PDF) which indicates that over 400 bugs in the system have been remedied to improve performance, but security is still a major issue.
The report states that:
- Hundreds of software fixes, hardware upgrades and continuous monitoring have measurably improved the consumer experience
- Site capacity is stable at its intended level
- Operating metrics are greatly improved, and activity levels demonstrate the site is working for consumers
While “user experience” may have been improved, security expert David Kennedy insists there has been no improvement to data security, and the rapid pace of the fixes may have even made matters worse.
“It doesn’t appear that any security fixes were done at all,” Kennedy said. “They said they implemented over 400 bug fixes. When you recode the application to fix these 400 bugs—they were rushing this out of the door to get the site at least so it can work a little bit—you’re introducing more security flaws as you go along with it because you don’t even check that code.”
Kennedy, CEO of the security consultancy TrustedSec, testified before Congress recently about the security lapses he found after conducting a fairly routine, low-intensity penetration test of the government-run website, saying that the developers took little to no care in producing a secure portal.
“I’m a little bit more skeptical now, and I would still definitely advise individuals to not use the website because it’s definitely something that I don’t believe is secure and neither did the four individuals that testified in front of Congress,” Kennedy continued.
“I think there’s some major security concerns there around privacy and information, and they haven’t even come close to being addressed, and won’t be in the short term.”
The HHS report admits that “while there is more work to be done, the team is operating with private sector velocity and effectiveness, and will continue their work to improve and enhance the website in the weeks and months ahead.”