Re: My contribution to the fun.
I have the opposite story to tell, unfortunately. I'm posting anonymously and not naming to protect them, though why I want to is anybody's guess.
I was hired as a security specialist and a software developer. The company did systems admin for local clients, but I wrote code for tools for the admins and for some other things the company did. I was asked to write a summary of recent security problems seen by clients and to give some general advice, said article to be posted on the blog. I did this. Then, I was asked to post it to the blog with my new site administrator credentials. I did that too.
This is when they decided that I should fix the problems with their blog. They had hired a web design group to create the thing, which meant that it was a WordPress site with some random plug-ins. All of these were now seriously out of date, and almost all had known security vulnerabilities. After reporting this, I was asked to update everything.
I don't do web design. I maintain my own site and a few smallish ones for friends, but I know how they work. I've never used WordPress and I also don't write complex pages with lots of graphics, which was the design scheme these people were using. I was working on fixing this when another employee, having cached the part of the conversation where I said "I've never done that before and it's not really related to what I'm supposed to be doing", but not the part where I said "so you'll have to give me a few days to let me test things thoroughly", decided to go in and update all the WordPress plug-ins and then WordPress itself, on the production webserver.
The results were to be expected. The site broke immediately because WordPress didn't like the old configuration file. I found the problem with that and fixed it, but even though the site was now functioning, some plug-in or other had messed up the layout of the page. You could read things, but there were pictures in the wrong places and the page was even more disorganized than originally. I tried to figure out why this was, but the other person had reported the problem to my boss. My boss did not appreciate the new layout, and was rather insistent about having it repaired immediately.
I did not figure out the problem with the page. Facing increasing levels of concern from superiors as they passed the news up the chain, I resorted to restoring the site from the backup, before all the upgrades. The design was back to normal. All the security problems were back as well. I thought that this would simply be a small speed bump and that I would resume the process to perform a proper upgrade, at least until I was called into a meeting with various levels of superiors. The purpose of the meeting: to describe what went wrong when I updated the site and what I would do to avoid making a mistake like that again. My colleague had chosen to explain the problem with the site as the result of my changes.
In the end, I left the company (for other reasons, but this incident didn't help). My colleague who broke the page was promoted. Oh, and by the way, the page is still really insecure. I just checked it. Someone should really fix that.