|
|
|
|
|
|
by SamuelAdams
2378 days ago
|
|
|
Why is that? You can't just get code review / deployment approval. You need to have approval that a certain feature or process is wanted / needed for the system. My guess is the sec engineer in this story did not get approval for this feature in the first place, she just went ahead and changed the code. What if this change allowed passwords to be captured in plain text? Browsing history? Surely those are fire-able offenses? So how is this situation any different? |
|
|
Giving her the benefit of the doubt for the sake of argument, you'd agree there's a huge difference between adding malicious phishing code to a company tool, versus displaying a text notification that doesn't fit the tool's original intent?
The text in question read, “Googlers have the right to participate in protected concerted activities.”, which is arguably different than the usual privacy/security warnings that the tool was intended for. But is it a fireable offense, versus an offense that warrants reprimand?
To put it another way, I think very few people would be bothered by Spiers being fired if the text notification she added were "Heil Hitler!". But that kind of content is fireable for a number of reasons. Whereas Spiers note about union rights, while inappropriate for the given plugin, is not patently against Google policy, and (again, assuming it's just a text notification) did not endanger the company.
If an employee tries to set fire to company equipment, they should be fired. If they draw a swastika on a bathroom stall, they should be fired. If they post up a pro-labor pamphlet in a bathroom stall, where it's against company policy to post any materials (regardless of content), should they be fired or reprimanded?