ha.ckers.org has a thought-provoking post on a young man who posted about some sad security realities at TJX. Basically, the firewall was installed by someone who apparently didn't know what they were doing, password policies are horrible, etc. TJX figured out who he was and fired him...but for what?
Personally, I can't think of a single place I have worked where there isn't some security malfunction. Think about it...if you are on the inside, you have privileged information that can be exploited. And as we all know, security at most any place will have its weak point.
So, should TJX have fired this non-IT person who picked up on the obvious? Or should they have continued their research into the whistleblower, learned he understands security, and both plugged the hole with an NDA and employed him to help fix the problems?
Tough call for some...not so tough for others!