* External code should be considered a a security vulnerability, whether or not it is being served "securely". *
I work for an exchange. Let's just say that the lead IT people don't even know how to spell "security', let alone paying the slightest attention to any of the basics. Glad I'm not the CISO, as far as I can tell she's only there to take the blame when the inevitable happens.
Biting the hand that feeds IT
