Codebase for a large financial institution (to remain unnamed) had explicit SQL injection pathways (among other things).
The architect was told about this. Responded by saying that since the customer (the institution) wasn't explicitly paying for robust security, we would be legally liable if we "try" to fix the code to make it more secure - but end up causing more issues or bugs. So, "let's just leave it."
🤷‍♂️