Beelezubb,
I think you have miss read the article. He was an employee. Which in my eyes does not constitute as a breaking and steeling client details. The actual article is a double edge sword, your damed if you do damed if you don't.
What would happen if he was the security expert in charge of the maintaining integrity of data and someone else found the vulnerability? He would have lost his job just as quickly as being a whistle blower.
Bugtraq is all well and good. What happens if the developers never visit of have knowledge of bugtraq? The Organisation I work for had no reason for visiting Bugtraq and their product is full of security holes. They are one of largest super funds providers in the US, asia pacific region. I could post volumes of vulnerbilities to bugtraq, and none of them would be fixed because the developers know little about secure programming let aloan what bugtraq is. Their idea of security is lets have a firewall, and rely on microsoft to release security patches. Buffer overflows, DOS attacks and the term RDBMs are martian to these programmers. Who still program using the old card programming principles, and old cobal development techniques. What do you do about educating people who still thinks cobal rocks?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/179/21572#21572