Why The Public Sector Will Never Support Bug Bounties

Would you believe there are some public sector sites that are still running SSL v2? This protocol version is completely riddled with holes and could expose the private keys used by a site. Overall, it leaves a website vulnerable to BEAST, FREAK, POODLE, DROWN, and lots of downgrade attacks.

Leading companies such as Google and Microsoft have an active bug bounty scheme…

Prof Bill Buchanan OBE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.