-1

I want to write about how I found a critical security bug when I was working at a company. I am going to stop working there in about a month and was just updating my portfolio with the things I did there over the past three years.

The thing is, for me this was a very big achievement and I want to brag about it, but my boss told me I have to take it down immediately or I will get in trouble. There were no details about any system or programming language, just a paragraph about it on my portfolio page.

What part of my contract or any contract can give an employer the right to do so? It just doesn't sound right that I can't tell other employers how good I am.

5
  • 2
    Do you have an NDA with your company?
    Commented Jun 21, 2023 at 13:21
  • 1
    This is the only part in my contract: The employee must, during and after employment, without limitation in time, observe a duty of confidentiality regarding a) all information he/she receives knowledge of in the work regarding the Company's customers and b) the Company's internal affairs such as business plans, profitability, pricing, employees, methods, processes, routines, code and the like as well as other information that the Company typically wants to keep secret
    – E P
    Commented Jun 21, 2023 at 13:27
  • 1
    I'd recommend adding that information to the body of your question and making sure you have the exact wording, as that could well impact whether you can or cannot mention the security bug externally.
    Commented Jun 21, 2023 at 13:30
  • 5
    Advice on your particular NDA is individual legal advice and is not appropriate for this site.
    – Tiger Guy
    Commented Jun 21, 2023 at 13:37
  • 1
    > b) the Company's internal affairs such as [...] methods, processes, routines, code.... Do you know what that covers? Everything starting from "staplers are in shelf 24B" over "we use Windows 11" to "Root password is 1"
    – Trish
    Commented Jun 21, 2023 at 13:45

1 Answer

4

The employee must, during and after employment, without limitation in time, observe a duty of confidentiality regarding [...] the Company's internal affairs such as business plans, profitability, pricing, employees, methods, processes, routines, code and the like as well as other information that the Company typically wants to keep secret

The pure information that the company had at some time a security problem with their product is internal knowledge you only gained through working there. By what is written here, you are indeed prohibited from speaking about it.

If it were public knowledge, you could point to a press release and say "I did that, that was me fixing the problem". That would work. Because it doesn't share anything that isn't public anyway. But you cannot share things the company wants to keep secret.

Finding out whether that contract is legally enforceable in your country and jurisdiction is the job of a real lawyer, but just as written, they are right. You signed a contract to not do that, not talk about it and certainly not publish it on the internet. So you should not do that, unless a good lawyer you trust tells you otherwise.


That said, "I found a security flaw" is about as impressive as "I found a dollar on the floor". Maybe you can talk about your knowledge to prevent something like it happening. That says nothing about whether or not it happened in your old company, and for me as an employer it is much more valuable to have you on board with structured knowledge you can apply, than with your memories of being lucky once.
