Warning your Boss about Security can get you fired
Posts 1 to 10 of 43
  1. #1

    Nervous Newbie

    developerhalloween2008 has no reputation


    Join Date
    Oct 2008
    Posts
    1

    Default Warning your Boss about Security can get you fired

    A developer's nightmare story for Halloween. The scary part is that this is true.

    First some background: I am a software developer with 10 years of experience and have worked for end-clients that include some of the world’s biggest Technology brands.

    Until recently, I was contracted with xxxxxx, a small company based in London that produce software for the Insurance sector.

    Upon reviewing the source code of one of their products, I immediately sent one of the company directors an email detailing critical security failings, which I cannot list in detail. Ironically, this director claims to be a "Security Specialist", however, he had failed to ensure that the most basic of security safeguards had been observed.

    The next day, one of the Web developers who had worked on the project in question returned from holiday. He immediately began being abusive and insulting which soon degenerated into verbal threats of violent retribution against me. I was prompted to immediately complain to the so-called "Security Specialist" Director that I considered this kind of behaviour to be intolerable (and illegal). My contract was terminated on the next working day.

    I don't imagine the damages I would receive from court action would sufficiently compensate for the long-term damage suing a former employer would do to my career.

    So, let this be a warning: your boss doesn't want to be told (a few days before release) that entire networks of their software could be turned into a zombie botnet by a newbie script kiddie.

  2. #2

    Banned

    tay is too good to be a permie


    Join Date
    Feb 2007
    Posts
    2,904

    Default

    Maybe it isn't what you said.. but the process you followed to say it that got people annoyed?

    And if you think doing good work is the key to being a successful contractor.. you are in for a world of disappointment, it is all about schmoozing and keeping permies happy.

    And it was a rookie error not to let the system get hacked and then offer to fix it.. for a fee..

  3. #3

    Contractor Among Contractors

    TheBigYinJames is too good to be a permie

    Join Date
    Jun 2008
    Posts
    1,868

    Default

    Quote: Originally Posted by tay
    Maybe it isn't what you said.. but the process you followed to say it that got people annoyed?
    It's not the company director who hired you, it was the local development team. It's them you should be keeping happy, not the company bosses. Going over your handler's head with a serious concern over code quality is not going to win you any friends with the people who sign off your timesheets.

  4. #4

    More time posting than coding

    bored is too good to be a permie

    Join Date
    Apr 2006
    Location
    London
    Posts
    273

    Default

    Quote: Originally Posted by TheBigYinJames
    It's not the company director who hired you, it was the local development team. It's them you should be keeping happy, not the company bosses. Going over your handler's head with a serious concern over code quality is not going to win you any friends with the people who sign off your timesheets.
    Indeed. You should have contacted your manager (or even coworkers) first, not the director.

  5. #5

    Fingers like lightning

    Badger has no reputation

    Join Date
    Apr 2008
    Location
    over the hill
    Posts
    717

    Default

    Sounds like you tried to be a big shot in a small company, but the only thing you did was shoot yourself in the foot.

    Unlucky, learn, move on.

  6. #6

    The beerded one

    EternalOptimist is NOT a disguised employee

    Join Date
    Jul 2005
    Location
    Castle Saburac
    Posts
    22,442

    Default

    Who asked you to review the source code? And what did they ask you to do with the results of the review?
    Was the director your immediate boss?




    (\__/)
    (>'.'<)
    ("")("") Born to Drink. Forced to Work

  7. #7

    Godlike

    Peoplesoft bloke is a permanent contractor


    Join Date
    Sep 2007
    Posts
    5,068

    Default

    Quote: Originally Posted by developerhalloween2008
    A developer's nightmare story for Halloween. The scary part is that this is true..blah.....die.
    Interestingly a quick Google turns up other people with a pretty much identical "true" story.

  8. #8

    Should post faster

    kanulondon has no reputation


    Join Date
    Jul 2008
    Posts
    121

    Default

    I could see how the permies would want to give you a bruising...I guess the contract termination was a harsh reality check

  9. #9

    Super poster

    Incognito is too good to be a permie

    Join Date
    Jun 2008
    Posts
    3,010

    Default

    Quote: Originally Posted by Badger
    Sounds like you tried to be a big shot in a small company, but the only thing you did was shoot yourself in the foot.

    Unlucky, learn, move on.
    WHS

  10. #10

    Richer than sasguru

    DimPrawn is a fount of knowledge

    Join Date
    Jul 2005
    Location
    Brexit Britain
    Posts
    34,549

    Default

    Quote: Originally Posted by developerhalloween2008
    A developer's nightmare story for Halloween. The scary part is that this is true.

    First some background: I am a software developer with 10 years of experience and have worked for end-clients that include some of the world’s biggest Technology brands.

    Until recently, I was contracted with xxxxxx, a small company based in London that produce software for the Insurance sector.

    Upon reviewing the source code of one of their products, I immediately sent one of the company directors an email detailing critical security failings, which I cannot list in detail. Ironically, this director claims to be a "Security Specialist", however, he had failed to ensure that the most basic of security safeguards had been observed.

    The next day, one of the Web developers who had worked on the project in question returned from holiday. He immediately began being abusive and insulting which soon degenerated into verbal threats of violent retribution against me. I was prompted to immediately complain to the so-called "Security Specialist" Director that I considered this kind of behaviour to be intolerable (and illegal). My contract was terminated on the next working day.

    I don't imagine the damages I would receive from court action would sufficiently compensate for the long-term damage suing a former employer would do to my career.

    So, let this be a warning: your boss doesn't want to be told (a few days before release) that entire networks of their software could be turned into a zombie botnet by a newbie script kiddie.

    I once left a voicemail on the director's mobile saying I'd slept with his granddaughter. You should have seen the backlash! No sense of humour these people.
    I was miserable and depressed, but CUK turned it all around. Now I'm depressed and miserable.
