Well, at least he didn’t publish the details of how the badges work and how many digits in the code to open the doors.
I once had access to a huge cobalt-60 cell used to sterilize stuff like medical gear and band-aids and clinical petri dishes. When you think of Dirty Bombs, this would have been a granddaddy in the wrong hands. Megacuries.
I saw a vulnerability about access I didn’t like, and the manager said it was covered, don’t worry.
Should I have gone public and explained how to access and remove the source rods on YouTube and in the NYT? The place is still in operation, it’s not too late, though they have not had an incident.
Did you get a satisfactory explanation of why it was not a vulnerability?
Or did you just take the manager's word for it?
A manager who might lose his job if there was a real security breach?
This is the mindset which this thread is about.