Comment by yujzgzc

From my time in similar companies, some people understand, and might care, but aren't empowered to do anything about it. They've got a job to do, and creatively auditing network security isn't it. Finding this kind of issue on the company clock won't get them promoted, on the contrary they'll look like they're slowing the team down with vulnerabilities to fix when they've got stuff to build and sell. Very poor security culture.