|
|
|
|
|
|
by imiric
638 days ago
|
|
|
For 3 years? That would mean that no developer has ever raised these issues with management, to speak nothing of an actual pentest being conducted. No, this is not some obscure security hole they forgot about. This is plain incompetence and/or deliberate design decisions. I agree that full public disclosure like this is irresponsible, but exposing issues like this to the public is the only way for such companies to make a change or, preferably, lose business and shutdown. |
|
|