I have to second this. Running an automated vulnerability scanner is the bare minimum anyone running Internet-facing servers should do, and will only detect certain types of known security flaws. It says
nothing about the application-specific security of the site (i.e. how secure the actual code and processes are for the exchange).
How does that make them the most secure? I've had an external audit as well but posting results of a vulnerability scanner mean absolutely nothing.
Please keep posts fair and don't spread ideas etc that you cannot prove.
Target met way more requirements than atomic-trade did and they were still breached, is atomic-trade more secure than RSA? They are huge security company and they were breached as well.
I understand you like atomic and I agree they have great security practices but please don't make unprovable comments.
