I know security is pretty important for the web application, but what about windows applications running in a corporate environment, network, not accessible from outside.
Do we need to treat security issues as “high” there, or because that is running in a safe environment, it does not matter much?
Let’s say a Windows Forms (.net) application running on a user’s machine in the corporate network and it has something like this issue
**CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)**
If that is a web application, I understand the risk is super high. But in the case of the windows app, should it be fixed or just ignored, especially if we consider the cost associated with fixing it?