Security Directory

X

Xactly Corporation

xactlycorp.com

78

The website demonstrates a generally solid security foundation with no critical issues detected and strong scores in email security, network security, SSL/TLS, and DNS health. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, reflected by multiple high and medium severity issues. Key deficiencies include the absence of a cookie consent banner, lack of documented information security policies, incident response procedures, and security contact details. Security headers and privacy configurations also need improvement to reduce exposure to common web-based attacks and data privacy risks. While network security and cryptographic practices are robust, the lack of vulnerability disclosure and business continuity planning increases organizational risk. Overall, the website is secure from a technical standpoint but requires urgent enhancements in governance, compliance, and privacy controls to protect the business legally and reputationally. Addressing these issues will reduce regulatory exposure and strengthen stakeholder trust.

The website demonstrates a generally stable security posture with no critical vulnerabilities detected, and strong network security measures in place. However, significant gaps exist in compliance with GDPR and NIS2 regulatory frameworks, reflected by low scores of 43 and 25 respectively. High-severity issues such as the absence of a cookie policy, consent banner, security documentation, and incident response procedures expose the business to legal, reputational, and operational risks. Email security protocols and SSL/TLS configurations are adequate but require improvements to prevent phishing and data interception. DNS health and security headers are mostly well-configured, though some enhancements are advisable. Overall, the site is protected against common network threats but needs urgent attention on regulatory compliance and incident preparedness to mitigate potential business disruptions and fines. Addressing these gaps will strengthen trust with customers and regulators while enhancing resilience against cyber incidents.

The overall security posture of the website reflects a solid foundation in network security, email security, and SSL/TLS configurations, with scores above 85 in these areas. However, significant gaps exist in regulatory compliance and governance, particularly around GDPR and NIS2 requirements, with scores of 43 and 25 respectively, indicating high risk in legal and operational domains. The absence of a cookie policy, consent banner, and incomplete privacy documentation expose the business to potential non-compliance penalties and reputational damage under data protection laws. Critical governance frameworks such as incident response procedures, security policies, and vulnerability disclosure mechanisms are missing, increasing the risk of unresolved security incidents. Medium-level issues like missing permissions-policy headers, DNSSEC not being enabled, and DMARC not fully enforced suggest areas where attack surfaces could be reduced. Low-risk issues, including sensitive data caching and missing CAA records, should be addressed to enhance overall security hygiene. Immediate focus on compliance and formal security documentation will mitigate regulatory and operational risks while maintaining strong technical defenses. This balanced approach supports business continuity and builds customer trust in the website's security posture.

C

CoStar Group

costargroup.com

72

The website demonstrates a solid foundation in core security areas such as email security, SSL/TLS, and network security, each scoring a perfect 100. However, significant gaps exist in compliance and governance frameworks, particularly around GDPR and NIS2 regulations, with both modules scoring only 25 out of 100. The absence of fundamental privacy documentation and consent mechanisms exposes the business to regulatory penalties and reputational damage. Additionally, missing security policies, incident response plans, and vulnerability disclosure programs highlight a lack of mature security governance. Weaknesses in HTTP security headers, though lower in severity, still present opportunities for attackers to exploit browser-based vulnerabilities. DNS security is moderately strong but can be improved by enabling DNSSEC and configuring CAA records. Overall, the organization must urgently focus on compliance and governance controls to mitigate legal risks and improve customer trust, while continuing to maintain its current technical security strengths.

F

Fannie Mae

fanniemae.com

63

The website demonstrates a mixed security posture with no critical vulnerabilities but several high and medium-risk issues that could impact both security and regulatory compliance. Notably, the absence of key GDPR-related elements such as Privacy and Cookie Policies, and a consent banner, exposes the business to potential legal penalties and loss of user trust. Security headers are inadequately configured, increasing susceptibility to common web attacks like cross-site scripting. The lacking information security framework and incident response procedures indicate immature cybersecurity governance, risking delayed or ineffective handling of security incidents. SSL certificate expiration and mixed content issues threaten secure communications, while missing DNSSEC and email authentication elements could allow domain spoofing or phishing attacks. Positively, network security and DNS health are strong, providing a solid foundation. Overall, immediate focus on compliance and security policy establishment is critical to safeguard business operations and reputation.

E

Egnyte

egnyte.com

76

The website exhibits a generally strong security posture in network security, SSL/TLS configuration, and email security, scoring near or at 100 in these areas. However, significant gaps exist in compliance with GDPR and NIS2 requirements, leading to low scores of 43 and 25 respectively. Critical business risks stem from missing cookie policies and consent mechanisms, absence of an information security framework, and lack of incident response procedures, which expose the organization to regulatory penalties and operational disruptions. Security headers are mostly implemented but lack some key controls that could reduce exposure to information leakage. DNS health is adequate but can be improved by enabling DNSSEC to prevent domain spoofing. Overall, the website is secure from common network and transport layer attacks but vulnerable to regulatory compliance violations and incident management deficiencies, which could impact business reputation and continuity.

M

Monaco Santé

monacosante.mc

67

The website demonstrates a solid foundation in network security, SSL/TLS configuration, and DNS health, reflecting effective controls in these areas. However, significant gaps exist in privacy compliance and governance frameworks, with the absence of key GDPR policies and NIS2 security documentation exposing the business to regulatory and operational risks. Critical missing security headers, especially the Content-Security-Policy, increase susceptibility to client-side attacks such as cross-site scripting. Additionally, email security could be improved by enforcing DMARC policies to prevent phishing and spoofing. The lack of incident response and business continuity plans further jeopardizes the organization's ability to manage and recover from security incidents, potentially impacting business continuity and reputation. Overall, while technical defenses are adequate, the absence of compliance and governance measures poses higher business risks. Prioritizing policy implementation and security framework development will strengthen compliance posture and reduce exposure to legal and operational threats.

F

Family Office Exchange

familyoffice.com

51

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing user data and communications to interception and manipulation. Significant compliance gaps exist, particularly with GDPR and NIS2 directives, risking legal penalties and reputational damage. Security headers are inadequately configured, leaving the site vulnerable to common web-based attacks such as cross-site scripting. While email security and network security are strong, foundational elements like incident response, security policies, and vulnerability disclosure frameworks are missing, undermining the organization's ability to detect, respond to, and mitigate threats effectively. DNS security is moderate but could be improved to reduce risks of DNS spoofing and related attacks. The absence of cookie management controls and transparency further increases regulatory non-compliance risk. Immediate remediation is essential to protect business continuity, customer trust, and regulatory standing.

V

VolkerRail

volkerrail.nl

51

The website exhibits critical vulnerabilities that severely impact its security posture, notably the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust. Compliance with GDPR is critically deficient, with missing privacy measures, cookie consent, and policy elements, risking significant legal and financial penalties for operating as an EU business without proper safeguards. The lack of an information security framework, incident response procedures, and security policies further amplifies operational risks and regulatory non-compliance under NIS2 requirements. While network security and email security show strengths, foundational issues such as weak security headers and DNS security gaps must be addressed to prevent exploitation. Overall, the site is at high risk of data breaches, legal repercussions, and reputational damage unless urgent remediation occurs. Immediate focus on encryption, privacy compliance, and security governance is essential to protect business interests and customer trust. The current security posture scores indicate critical gaps in GDPR, NIS2, and SSL/TLS domains that require rapid attention. Addressing these will significantly improve compliance, resilience, and stakeholder confidence.

A

AFRY

afconsult.com

50

The website's overall security posture is currently inadequate, exposing the business to significant risks related to data protection, regulatory compliance, and potential cyberattacks. The absence of HTTPS encryption is a critical vulnerability that compromises data confidentiality and integrity, severely undermining user trust and legal compliance, especially under GDPR and NIS2 frameworks. Key regulatory compliance gaps include missing privacy and cookie policies and the lack of a cookie consent mechanism, which can lead to legal penalties and reputational damage. Security governance is weak, with no documented information security or incident response policies, indicating poor preparedness for cyber incidents. While some foundational network security controls are in place, critical header configurations and missing Content-Security-Policy headers leave the website susceptible to common web attacks. DNS health is moderately good but can be improved by enabling DNSSEC to prevent DNS spoofing. Email security measures are strong, indicating some security awareness. Immediate remediation is essential to protect customer data, maintain trust, and comply with regulatory mandates.

V

Vertex Pharmaceuticals

vrtx.com

42

The website's overall security posture is currently weak and exposes the business to significant risks, especially regarding data protection and regulatory compliance. Critical issues such as the absence of HTTPS encryption severely compromise data confidentiality and trustworthiness. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses legal and reputational risks. Additionally, essential cybersecurity frameworks and incident response plans required by NIS2 are missing, indicating unpreparedness for cyber incidents. Email security protocols are partially implemented but require strengthening to prevent phishing and spoofing attacks. DNS-related vulnerabilities, including potential subdomain takeover and missing DNSSEC, increase attack surface exposure. While network security is strong, foundational security controls like security headers are incomplete, further increasing vulnerability to common web-based attacks. Immediate remediation is crucial to safeguard customer data, ensure regulatory compliance, and protect brand reputation.

B

BOURBON

bourbonoffshore.com

42

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is a fundamental flaw affecting GDPR, NIS2, and general security compliance, making all data transmissions vulnerable to interception. Key security headers are missing, increasing susceptibility to common web attacks such as XSS and clickjacking. GDPR compliance is severely lacking due to missing cookie consent mechanisms and incomplete privacy documentation, which could lead to heavy fines. The lack of an established information security framework, incident response procedures, and vulnerability disclosure policies signals immature security governance. Email security is insufficient, with no authentication protocols configured, raising the risk of phishing and spoofing attacks. While network security and DNS health show relatively better posture, critical gaps in SSL/TLS and governance overshadow these strengths. Immediate remediation is essential to protect customer data, comply with regulations, and maintain business continuity.

A

AEG

aegworldwide.com

73

The website demonstrates a mixed security posture with no critical vulnerabilities but multiple high and medium risk issues, particularly in compliance and governance areas. Key deficiencies exist in GDPR compliance, including absence of cookie policies and consent mechanisms, raising potential legal and reputational risks. Security governance is also weak, lacking essential NIS2 framework elements such as security policies, incident response, and business continuity planning, which could impair incident management and regulatory adherence. Technical security controls like security headers and SSL/TLS configurations need improvement to reduce attack surfaces. DNS and network security are relatively strong, and email security is fully compliant. Overall, the site is vulnerable to regulatory penalties, data exposure, and operational risks if these gaps remain unaddressed. Immediate remediation is vital to strengthen defenses, ensure compliance, and protect business continuity.

D

Département des Alpes-Maritimes

departement06.fr

58

The website https://departement06.fr currently exhibits significant security and compliance deficiencies, particularly in privacy policy implementation and security header configurations, resulting in a high-risk posture. Critical gaps in GDPR compliance and information security governance expose the business to regulatory penalties and reputational damage. While network and DNS security aspects are relatively strong, urgent remediation is needed to establish trust and legal compliance.

B

Bite

bite.lv

58

The website https://www.bite.lv/ exhibits significant security and compliance gaps, particularly around GDPR compliance and foundational security controls such as headers and incident response procedures. These deficiencies expose the business to regulatory risks, reputational damage, and potential cyber threats, undermining customer trust and operational resilience.

The website bite.lt exhibits significant security and compliance gaps, particularly in privacy and regulatory adherence, posing substantial business and legal risks. While network and email security are relatively strong, critical deficiencies in GDPR compliance, NIS2 frameworks, and security headers undermine overall trust and expose the business to potential data breaches and regulatory penalties.

B

Broad Institute

broadinstitute.org

71

The Broad Institute's website exhibits several significant security and compliance gaps, particularly in web security headers, GDPR compliance, and NIS2 regulatory preparedness. While network and email security posture are strong, missing critical security controls and documentation expose the organization to potential data breaches, regulatory penalties, and operational disruptions. Addressing these gaps promptly will strengthen trust, ensure compliance, and reduce risk.