Is it a vulnerability when it is obvious the company do not care about security?

shreddit · 2024-09-23T06:56:24.000000Z

Yes. Because who at the "company" does even know about this? Maybe just some coder who wrote it. But the legally liable CEO? Maybe not.

friendzis · 2024-09-23T07:07:20.000000Z

> Because who at the "company" does even know about this?

Everyone who designed engineering requirements, technical requirements, test plan, everyone who wrote technical specifications, everyone who performed traceability. It was all approved by security engineers and management.

> The company was founded during the pandemic when contactless dining became popular.

There were tons of people intimately aware of the issue, yet for four years nobody cared.

prmoustache · 2024-09-23T08:40:16.000000Z

That is his job to make sure he employs people who take care of this and that the services they sell are audited by an independent organization.

Brian_K_White · 2024-09-23T08:08:09.000000Z

Who at the company gets to keep all the money?