I believe you only dealt with the intended usage of the APIs and interfaces?
This may be the same as someone who sets up a SCADA system for the local city water & power and believes the intranet is isolated, until a month later another contract requires a public server in the office and they just connect the entire thing to the internet.
Let me add to the surprise. I once wrote a nice piece of software that controlled hospital equipment (an automated blood coagulation analyzer, to be precise). It is quite a serious piece of equipment used for post-operation patient recovery. As far as I know, a well-regulated area.
The equipment went through stringent certification, passed all tests, was deployed in hospitals, etc. All well and good, right? Did I mention that I was 13 when I wrote that piece of software? ;) And I guess you can imagine the quality of that code :)
Well, to tell the truth, that story happened almost twenty years back, before outsourcing really kicked in. The equipment was developed in Russia, for the Russian market. And I also had some five years of playing with C/x86 asm by the time I was 13.
So no, it actually was not that bad. No kids were harmed, and no QA teams in India were involved.