Hi,
Let's say in a hypothetical situation, I believe there are some serious security vulnerabilities in the software we write/maintain. In this hypothetical situation, I want to prove this vulnerability exists and the effect it has, with no intention to disclose it to anyone outside of the company. I do this out of curiosity and to prove a point, which indirectly benefits my employer. I also do this out of work hours, and without my employer asking me to do such a thing.
I understand that an unsanctioned action like this would potentially cause a lot of displeasure toward me, as first it was unsanctioned, and secondly it 'rocks the boat'. On the other hand, it saves potential public embarrassment for the company.
What would you do in such a situation where you found and proved vulnerabilities (but did not disclose them) outside of work hours, and it was unsanctioned? Would it be wrong? Would it be right to be on the receiving end of any wrath dealt by the employer?