So the article focuses on out of date wordpress installations, I really think the NHS has wider security implications given the recent admission of uploading their ENTIRE patient database onto googles servers for ease of deriving statistics ... (http://www.theguardian.com/society/2014/mar/03/nhs-england-p...)
Regarding hesitation of posting the information in the blog post; the author appears to have losely followed responsible disclosure methods attempting remediation with the NHS directly before publishing the findings.
NHS, HMRC etc the information security of these organizations is lax at best, and down right horrifying, without full disclosure forcing their hand I don't see any change.
This is why full disclosure / responsible disclosure formed in the first place.
It doesn't. I wrote a whole section on non-WordPress vulnerabilities. But, yes, patient facing sites aren't quite as critical as some of the backend stuff.
I spent the last two months trying to contact the people responsible. When I finally did, they said they wouldn't / couldn't do anything :-/
Regarding hesitation of posting the information in the blog post; the author appears to have losely followed responsible disclosure methods attempting remediation with the NHS directly before publishing the findings.
NHS, HMRC etc the information security of these organizations is lax at best, and down right horrifying, without full disclosure forcing their hand I don't see any change.
This is why full disclosure / responsible disclosure formed in the first place.