There is the possibility that the code is so poorly written that the logs expose sensitive information, which is a massive “no-no” in secure software. Take for example a user logs into the system, the authentication service writes to the logs that the user successfully logged in and logs their username and password in plain text.
It’s a very common infosec leak to log sensitive info, but asserting that could be “source code” is asinine. Even if it printed the function call with all its context (which is laughably stupid unless they left debug log level on or something) that still isn’t “source code”.
Obv a bullshit excuse.
There is the possibility that the code is so poorly written that the logs expose sensitive information, which is a massive “no-no” in secure software. Take for example a user logs into the system, the authentication service writes to the logs that the user successfully logged in and logs their username and password in plain text.
It’s a very common infosec leak to log sensitive info, but asserting that could be “source code” is asinine. Even if it printed the function call with all its context (which is laughably stupid unless they left debug log level on or something) that still isn’t “source code”.