
> Possibly even information relating to customers, or technical detail that can be exploited?

Yeah for sure.

Sometimes you need customer information to do your job (e.g. to repro a bug that only one person has seen). Facebook does a good job of making this available easily and quickly to people who need it, while auditing and firing anybody who abuses the privilege to access data that is not strictly needed.

Regarding technical issues, you want as many people as possible to know about it so that it gets fixed quickly, other people know how to avoid the same mistake, and you build a culture of not keeping your own mistakes to yourself.



I didn't say technical issues, I said detail, e.g. architecture. Not all architectural issues are bugs that can be fixed if known.

In any case, building a "culture of not keeping your own mistakes to yourself" won't help when a bug is discovered by someone who intends to exploit it. 0-days born from internal disclosures are not a "culture" problem.



