Hacking

1768 readers

1 users here now

This is the community for all things hacking and cybersecurity, try keeping it legal. That said I don't take any responsibility for anything that happens/comes from this group but I will try being the best mod that I can to prevent anything from happening.

founded 4 years ago

MODERATORS

qarmah@lemmy.ml

what is the best way to report internal security concerns in a corporate environment (programming.dev)

submitted 1 year ago by angrydev@programming.dev to c/hacking@lemmy.ml

1 comments fedilink hide all child comments

I have repeatedly fund security concerns when working on internal applications. Simple things like sql injection, hard coded credentials, and privileged containers being run as the standard. I brought these up with my team lead, but he says that since its in the dev environment, it does not matter. To me, that is the totally wrong attitude to have about security. We should teach our developers how to not make these mistakes and fix them as we find them. Should I go over his head to report it to other managing parties? I want to say more, but am being as vague as possible just in case. How do I go about reporting internal vulnerabilities in a responsible way that won't make everyone hate me? I honestly believed that people would be happy to hear about their problems from me rather than get exploited but it does not seem to be the culture here.

you are viewing a single comment's thread
view the rest of the comments

[–] Pantherina@feddit.de 0 points 10 months ago

Do the Mr Robot thing and hack your supervisors lol, find out some bad thing, whistleblow a bit and that is it.

Or simply after contacting "the Developers" and they dont respond publish the findings