Hacker News
by nitrogen 5404 days ago
One might argue that, if an unnamed company's e-commerce solution would put a lot of people at risk, and an unnamed engineer can prove it, that unnamed engineer has an ethical obligation to discreetly report the vulnerability first to the unnamed company, then to successively more influential and more public venues (e.g. consumer protection groups, security research groups, etc.), until the company responds.
1 comments

One might argue that such a course of action will simply get the engineer pointlessly fired.