RE: under investigation: some tweets popped up about security issues in Gridcoin by erkan
Viewing a response to: @erkan/under-investigation-some-tweets-poped-up-about-security-issues-in-gridcoin
gridcoin · @jringo

External security is not the only outside industry which is going to critique Gridcoin. The mere fact that we are getting sec. tested for WOOT is a great sign in itself. The write-up regarding the GRC exploits is well done and very detailed. I would recommend everyone with technical interests read through it -- it also talks about BOINC and other facets of GRC.

The main problem with this whole situation is that the sec. testers were not able to maintain contact with Rob, who is the main contact for Gridcoin. We are looking into ways to solve this issue: [Github](https://github.com/grctest/Gridcoin-Site/issues/70). If a sec. tester cannot contact an entity, they will publish their work. It makes sense.

This post, however, is a huge problem. Nothing as serious as exploits/attack vectors should still be "under investigation" when a public post is made. That is irresponsible and invites malicious attacks. The error is not with the sec. testers, who put hours of work into finding and fixing an exploit and trying to pass that information on to Rob. They are doing what they do, and are doing it well. The error is with Gridcoin, in its inaccessibility and in this very public presentation of attack vectors.

Did you all know that some of the sec. testers' work was actually implemented into the GRC code already?! The system to tie CPID and private/public key pairs together with beacons is their idea and was sent to Rob last year! You would if there was an ounce of effort put into research and confirmation before this post was made.

@erkan, you post a lot of statistics and great information. I ask that next time any of that information has to do with the security of the Gridcoin protocols or, most importantly, the security of users' privacy, please put in some due diligence.