Has it ever happened to you that you have had to do an online procedure, and the website gives problems? Or rather: Is it outdated, slow, hangs every two by three and with a rather anti-intuitive interface? Well, to that we must add that it may not be safe. In fact, of almost 500 websites of public institutions in Spain, only 5 are safe from the point of view of Cybersecurity.
As we read in Europapress, a group of experts has created the Pucelabits project in Valladolid, including the developer Rubén Martínez, who has worked at Mozilla -authors of the Firefox browser. The purpose of this project under the Hastagh #websegura is to analyze the official web pages of public institutions in Spain, to verify their degree of security. Spoiler: really low, rather on the ground.
Using for the analysis the parameters of the Mozilla Observatory -a tool that measures and calibrates the security of a website-, PucelaBits has focused on the importance of secure HTTPS connections, which allow content to be encrypted as it travels from the web to the device, and vice versa, with a model of 12 security tests to pass.
And the result has been that out of 490 public websites, only 5 of them pass cybersecurity. A crushing ratio of 1% versus 99% of insecure public websites. In fact, there are 36 websites that “do not have any security”.
With an American-style grade scale that goes from A to F, and considering that A and B are approved, among the only websites that according to PucelaBits can be considered safe we have:
La Moncloa: B-
Ministry of Equality: B-
INCIBE, National Institute of Cybersecurity: B
On the contrary, the study notes that 36 sites do not have any security or privacy measures, citing:
The tourist website spain.info
The Center for Industrial Technological Development (CDTI-E.P.E)
The National Institute of Educational Technologies and Teacher Training (INTEF)
Between one scale and the other are the rest of the institutional websites with grades ranging from C to F, for example the websites of:
State Public Employment Service (SEPE)
Central Electoral Board
Official site of the Radar Covid ‘app’. Websites of various ministries
On the PucelaBits website you have the complete list of websites, which is updated every 3 days and shows the note and amount of security tests that the analyzed site has passed or not. What do you think of the study? Do you see their reliable notes, or would it take other third-party studies to compare the results?