Federal government lands on you like a sack of bricks if you don't provide this information through their (in)secure website. No exceptions.
Sometimes you can't fire the vendor because they're not a vendor, they're a freaking regulatory agency with the power to crush you like a bug, and a 5 year approval process to get anything done, never mind a month turnaround for a recently discovered exploit. On Fri, Jul 17, 2015 at 10:50 PM, <tqr2813d376cjozqa...@tutanota.com> wrote: > Weak ciphers? Old (insecure) protocol versions? Open security issues? > Vendor > will never provide a patch? Trash goes in the trash bin, no exceptions. >