Never assume malice when something can be explained by stupidity
I generally agree.
But any decent code review process would’ve exposed this, or at least a data surveillance system that checks this stuff. I’ve received a few notifications about my logs storing inappropriate data, as a result of a scanning system.
Some manager knew about this during a code review, and signed off on the risk because it was only in-house.