Are you obligated to point out security flaws if you’re just hired for a small job?
Dokkat was contracted to do a small job on a website for a large corporation. After giving the project a once-over, he realized the code base was full of security risks:
“Lots of PHP files throwing user get/post input directly into mysql requests and system commands.” Dokkat says the programmer responsible has a family and children, and he doesn’t want to be the one to put this employee’s job in jeopardy. How should he proceed without throwing someone under the bus?