Hacker News

Who in their right mind is going to whistle blow and risk their entire career over a security flaw that was detected internally, found to be unutilized, and was fixed in a timely fashion?

The fact that such a case even has reporting requirements at all seems nuts to me.



Good - then the person who sees that they didn’t report it can whistleblow on that and get a nice paycheck.

See how that works out for the person who didn’t report it.


I am shocked to see the "let's make writing vulnerable code illegal" take be so popular on HN. If you have written any meaningful amount of code, you have written vulnerable code.


Writing vulnerable code is not illegal, negligence is.


Every case I've seen in my career where this has happened has not been "negligence" but developers not realizing there's some obscure logging middleware or something.


Devil's advocate: my bridge fell down because I didn't know the concrete didn't meet spec still seem like negligence?


Cool story I guess, but that’s not related to anything I said.


An employee who left for another job or simply retired and who feels this was wrong. Plenty of lads in Meta earn enough to buy a house and have some investments that there is little leverage over them to ruin their careers.



