Re: Decision

From: Zow (zowllnl.gov)
Date: Thu Jun 05 2003 - 14:18:46 CDT


Peteris,

> Due to a bug, any source file can be read, and <the company> has spent
> thousands of $ on making the system.

So as I understand it, there's no immediate threat to the integrity or
confidentiality of the customer data?

> What's best - report the bug and possible workarounds, or let it
> stay?
> What I am nervous about is that <the company> could 'kick' me later
> for seeing the sources.

A valid concern. If you are in a position such that you should have inside
information about the system (e.g. you took part in its development), I'd say you
have an ethical responsibility to notify the company. If customer data is in
danger and the company won't do anything about it, then I'd say you have a
responsibility to go public, but I would consult a lawyer before doing so.

If you're not in a position that they can finger you, then I'd say, report it
to them anonymously. I don't know what options exist these days for anonymous
remailers, but a Hotmail account from an Internet cafe will probably do the
trick. That will allow you to do the right thing with a minimal possibility
of repercussions.

My 2-bits,
Terry

import StandardDisclaimer;