Jack is a software programmer for a large internet service provider (ISP). He has worked for the company for more than ten years and he is reputedly one of the best in the business.  Recently, he was tasked with the responsibility of adding a new feature to the corporate Intranet of one of ISP’s largest clients, ACME Publishing.  The new feature will allow ACME’s employees to share files more easily. As he began the work, he discovered a glitch in the security for the site that had left the organization vulnerable to outside access for over three years.

Jack was concerned about the glitch. Although he fixed it quickly and easily, he knew that his company was responsible for it. A careful testing of the site at the time it was created would have revealed the problem, so someone at ISP had not done his job well. He checked the security logs and could not find any evidence that the site had been invaded or hacked, but he was concerned just the same.  ACME Publishing’s revenues had been declining over the last few years. One of their most prolific authors took her latest project to another publisher and ACME failed to sign two promising new mystery writers.

Jack informed Mike, his manager, of the glitch. Mike seemed unconcerned as long as the problem had been repaired, but Jack was uneasy. Jack felt that the client should be informed of the glitch, and he felt that the company should take immediate action to test all production systems and to ensure that proper testing procedures were followed in the future. Mike assured him that there was nothing that could be done about the past, and assured him that the legal fine print of the contract with ACME protected ISP from responsibility. “The information on the site is ACME’s problem, not ours – we just design and configure the system,” said Mike.