This is an interesting story. My condolences to McDanel. As a Security Specialist myself I must say that LAW itself is convoluted. From what I gather so far, it seems the other two posers here feel the guy got what he deserved. Naive to say the least.

Let's look at this issue from the standpoint of accountability. If the company had been hacked due to the vulnerability noted by this ex-employee how easy would it have been for the company to (as in the case of our current President) to place the blame on the ex-employee?

He would go to jail for not fixing the problem, so he was damned if he did and damned if he didn't. Now that's a good position to be in. InfoSecurity, who needs it?

There should be something in the LAW that protects those like myself who find these flaws and reports them to management to no avail. Then when the flaw is compromised there would be evidence that they had been warned and took no action taken. Then maybe justice would put them in jail.

Then again, that could never happen, if so, we'd end up putting the vice President in jail.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/179/21535#21535