Comment by tripzilch
6 years ago
It's funny when this happens in our industry. It's called a security vulnerability. And if someone were to write a blog article about finding it, but also exploiting the fault several times over for their own financial gain, we'd be all up in arms over it, right?
Even if the exploited party itself it shady as hell. Say they were a credit card scammer, someone found a way of conning them for money, does that for a while to make some $$$, and then proudly writes a blog article exposing them.
Maybe I'm missing something though. That's looking at it rationally (?), but part of me also feels like, screw Doordash.
Nobody intentionally includes security vulnerabilities in a product. This is something that Doordash knows they are doing and have decided to do, not something they are doing accidentally.
Even taking a negligent security posture is not the same as intentionally including a flaw.