[delichon]

It requires programming in a language specific to one little known db product, in an extremely brittle and spaghettified code base . There's exactly one person in the company who kinda knows how to do it, and they're unavailable for the foreseeable future on higher priorities. We don't have the money to throw at new hires or huge porting projects.

Imagine software that has been in production since the 80's, was written by a very inexperienced dev and has since been continually "organically" upgraded to handle any new promise that a nontechnical product manager feels is necessary to solve the immediate problem of an angry customer. It's a Jenga tower with a reset button.

[scoot]

> they're unavailable for the foreseeable future on higher priorities

Need I respond to that?

[delichon]

If you know the secret to getting a company to prioritize potential security problems that haven't yet emerged in forty years over meeting payroll, please share.

[grayhatter]

why does it sound like you're defending the argument of;

I couldn't act ethically because I had to make money.

[delichon]

My paycheck depends on reconciling myself to it. Should I quit possibly my last job before retirement in a bleak job market to protest my manager's decision to protect her job and mine by putting revenue before protecting jane@doe.com's login from being stolen for the Nth time? Am I the bad guy?

[grayhatter]

It's not my place to define your ethics for you. I'm pointing out so any other readers can be innoculated from accidentally stumbling into this ethical minefield.

I'm not telling you stealing bread so your family doesn't starve is unethical, I'm pointing out it's stealing.

No idea if you're the bad guy, but you're not the ~~good guy~~ hero, no.

[delichon]

I'm a participant in sub-criminal negligence rather than stealing. I'd call that a lesser offense. And it's a failure I have mitigated by working to protect the data. I can't claim innocence, but I sleep OK.