(Update August 28, 2018: I am delighted to report that the firm mentioned below, that had had a “C” rating for their web site security, has today corrected the problem and now has an “A” rating.)
There are many ways that a web site could be insecure. One of the ways is to implement SSL (“https://”) poorly. It turns out to be quite easy to find out whether your SSL implementation is strong or weak. You simply plug your web address into the SSL tester provided by Qualys. Maybe your web site will get an A+ rating! Here is how some well-known intellectual property law firm web sites performed in this SSL test.
My starting point was the 2017 US Design Patent Tote Board which ranks firms by the number of US design patents obtained in 2017. Each firm has a web site, of course, and I plugged each web site into the SSL tester. (In this table of results I have omitted the names of the firms, but you could do the tests yourself and you could pretty quickly figure out which firm got which rating.) Here are the results for the first few firms:
overall | PFS | HSTS | CAA | CA | notes |
A | yes | no | no | Let’s Encrypt | |
C | some | yes | no | Let’s Encrypt | vulnerable to Poodle attack |
A | yes | no | no | Let’s Encrypt | |
A | yes | no | no | RapidSSL | |
A+ | yes | yes | no | Let’s Encrypt | |
As will be seen, one of the firms has a web site that got an overall rating of “C” and is vulnerable to a Poodle attack. One firm got an A+ rating. The others got A ratings. I was interested to see that only one of the firms still pays money for its SSL certificate — four of the firms have migrated to the free-of-charge Let’s Encrypt service. All of the firms tested have PFS (Perfect Forward Secrecy), but only two have HSTS turned on. Not one of the firms has set up CAA protection.
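The HSTS and CAA columns above can also be checked by hand from a site's response headers and DNS records. The following is an added example, not part of the original post: the function names are hypothetical, and the headers and CAA records are constructed samples for example.com rather than measurements of any firm's site.

```python
import re

def parse_hsts(value):
    """Split a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def hsts_on(headers):
    """HSTS is on only if the header is present with max-age > 0 (0 clears the policy)."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            return (parse_hsts(value)["max_age"] or 0) > 0
    return False

CAA_RE = re.compile(r'\sCAA\s+(\d+)\s+(\w+)\s+"([^"]*)"', re.IGNORECASE)

def caa_issuers(zone_lines):
    """Return (has_issue_records, allowed CA domains) from zone-file style lines."""
    found, allowed = False, set()
    for line in zone_lines:
        m = CAA_RE.search(line)
        if m and m.group(2).lower() == "issue":
            found = True
            domain = m.group(3).split(";")[0].strip().lower()
            if domain:  # a bare ";" value forbids all issuance
                allowed.add(domain)
    return found, allowed

def table_row(headers, zone_lines, ca_domain):
    """Fill the HSTS and CAA columns and say whether the current CA may still issue."""
    found, allowed = caa_issuers(zone_lines)
    return {"HSTS": "yes" if hsts_on(headers) else "no",
            "CAA": "yes" if found else "no",
            "ca_may_issue": (not found) or ca_domain in allowed}

# Constructed sample inputs (not measurements of any real site)
HARDENED = ({"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
            ['example.com. 3600 IN CAA 0 issue "letsencrypt.org"',
             'example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"'])
DEFAULT = ({"Content-Type": "text/html"}, [])

if __name__ == "__main__":
    print(table_row(*HARDENED, "letsencrypt.org"))
    print(table_row(*DEFAULT, "letsencrypt.org"))
```

The `ca_may_issue` field is worth checking before publishing CAA records: a record set that omits the CA you currently use will block your next certificate renewal.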
How are patent office web sites doing? I tested some of them just now and here are the results.
How does your firm’s web site rate on the SSL test? (This blog gets an A+, as does my firm’s main web site and my firm’s shopping cart system.) Post your good result in a comment below!
My site got an A and uses Let’s Encrypt. Good to know. Thanks for the info.