A Warehouse developer is upset about the retirement contribution reduction. He introduces an OS command injection backdoor into the system during routine development and sells that vulnerability information to hackers online. A white hat hacker finds the vulnerability and reports it. Did you listen?
Mitigations:
Revise severity assessment criteria (new action)
Insider threat policies mitigate a lot, but the seminar doesn't.
Code reviews are likely to find this
Fuzz testing might find this too. API or Warehouse.
Learn injection would have helped. API or Warehouse.
Distrustful decomposition helps here too. Warehouse.
Two-factor authentication helps prevent stealing of passwords.
Event idea:
Mitigations: