Isn't this common? They are employees of the company so they should understand different weaknesses of the code and should be able to exploit them.
When I was working at (huge tech company with 8000 employees) we did the very same thing and we were able to get full root-access to our SAAS servers from finding our .svn folders to get a full dump of the system code, then grepping through that code to find system level exec commands.
I would be more surprised if they (facebook or the old company I worked for) had found nothing.
When I was working at (huge tech company with 8000 employees) we did the very same thing and we were able to get full root-access to our SAAS servers from finding our .svn folders to get a full dump of the system code, then grepping through that code to find system level exec commands.
I would be more surprised if they (facebook or the old company I worked for) had found nothing.