Ask HN: How unethical is it to develop insecure applications?
I've never once worked on a web project where the client was adequately concerned about security and willing to pay for it. Almost invariably it's an afterthought. In some cases a client flat out refuses to pay to make an application secure, even in the case of clear evidence of dangerous insecurities.
So should I refuse to work for people who don't care about security? If I did so, I'd quickly be out of this business.
4 comments
[ 4.8 ms ] story [ 21.1 ms ] threadIt is also your responsibility to comply with local/country and international laws.
I reckon the only time it might be allowed to allow certain exploits/unwanted behavior is in a restricted controlled environment.