Peteris,

> Due to bug, any source file can be read and the <the company> has spent
> thousands of $ for making the system.

So as I understand it, there's no immediate threat to the integrity or confidentiality of the customer data?

> What's the best - report the bug and possible workarounds or let it
> stay?
> What I am nervous of is that the <the company> could 'kick' me later
> for seeing the sources.

A valid concern. If you are in a position such that you should have inside information about the system (like took part in its development), I'd say you have an ethical responsibility to notify the company. If customer data is in danger and the company won't do anything about it, then I'd say you have a responsibility to go public, but I would consult a lawyer before doing so.

If you're not in a position that they can finger you, then I'd say, report it to them anonymously. I don't know what options exist these days for anonymous remailers, but a Hotmail account from an Internet cafe will probably do the trick. That will allow you to do the right thing with a minimal possibility of repercussions.

My 2-bits,

Terry

import StandardDisclaimer;
This archive was generated by hypermail 2b30 : Thu Jun 05 2003 - 15:00:23 PDT