OK, even if you accept that it fell on one person that caused the error, why did disclosure take two months? Why were incentives or policies not in place to correct the mistake?
Terrible, but they did fix it rather quickly once the flaws were disclosed. Given many other such stories, the almost expected outcome would be to deny the problem, have the discloser prosecuted or sued, and put out a fix six months later that made things worse.
It absolutely was a thorough mea culpa. You are also absolutely correct that it was not, at all, a timely mea culpa. The lack of timeliness makes it a much less impactful mea culpa, as public consciousness of the issue is likely drastically reduced, and there will likely be many who now remember the initial uproar but never see the correction.
If there was irresponsibility in the disclosure, it was in waiting so long, presumably allowing many more people to sign up and become exposed to Coursera's negligence.
The cargo cult of "responsible disclosure" needs to die. Responsibility lies with us, the developers.
Failed to patch in a prompt manner. Waited to disclose the issue to the public. Set up a credit monitoring service that was insecure and would auto charge you (the auto charge was dropped after people were outraged). The CEO blamed the whole thing on one person (and that person was not him).
What part of that doesn't seem like a moral failure?
It’s that they knew about it and didn’t disclose it.
When a company IPOs the SEC requires it to file a document that contains all known risks to the business and all possible factors that could negatively impact the company’s value over time. It sounds like they failed to include this specific known incident in their filings with the government.
Credit for owning the scope of the problem (allowing serious discrepancies for 3 years), which is sure to cost them trust from the community. But the skeptic in me reminds me that it's likely there was no way out of admitting it.
What disheartens me is that the documentation discrepancy caused real, extremely substantial aggregate monetary impact on customers, yet there is no mention of refunds. Perhaps that will come, but in my opinion, anything short of that is just damage control.
This is a time to excessively demonstrate integrity, for them to go above and beyond. It's in their interest not to just paper over the whole thing.
Ah, surely just incompetence or a bureaucratic black hole and not malice.
> But rather than immediately correct the errors, the company dragged its feet for more than two years, the documents show, citing concern about the increased cost to departments that rely heavily on temporary workers,
This is why "responsible disclosure" is a joke. The flaws put in by these companies are not responsible. (Sometimes people make mistakes, but we're at the point of carelessness).
Someone implemented this process, as well as the policies that drove it. They clearly needed an incentive to think through the PR consequences (if nothing else) before imposing their incompetence on a paying customer.
Firing people for negligence in similar situations would likely have had just such an effect.
What happened to responsible disclosure? I mean, fair enough demonstration of how to do something like this, but at least give the company a chance to fix it before publishing to the world.
It was great to hear a story about responsible disclosure working perfectly. Usually all you hear about is when the shit hits the fan and the guilty company is left with their pants down after having months to pull them up.
I still can't wrap my head around there being only one individual involved here and this playing out over decades. Surely there was more than one person working to test and verify here, and an auditor involved somewhere. Then, once discovered, something seemingly so impactful yields a paltry fine? Feels like there's a chunk missing from this story.
You explained exactly what happened, and now you're claiming that I can't possibly have any idea of what happened. Do you not see the disconnect there?
You said the time frame was January 24th to February 15th. By using simple math (only addition), I explained how they exceeded every reasonable expectation. They quite literally didn't do anything wrong, and you are publicly vilifying them for it anyway.