A professional Internet security expert, aka a "white hat hacker," claims that it will take a year to fix the security flaws in the federal Obamacare website.

David Kennedy, chief executive of TrustedSec, testified about the flaws in HealthCare.gov before Congress last week, and this morning appeared on CNBC to convey the same message.

"When you develop a website, you develop it with security in mind. And it doesn't appear to have happened this time," said Kennedy, "It's really hard to go back and fix the security around it because security wasn't built into it, We're talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself."

Another security expert, Morgan Wright, CEO of Crowd Sourced Investigations, said the site needed to be shut down and rebuilt from scratch. "There's not a plan to fix this that meets the sniff test of being reasonable," Wright told CNBC. He also testified before Congress last week.