] "I am a U.S. university student who has recently come
] across 2 remote exploits for a homework program used by
] colleges nationwide. Both vulnerabilities allow students
] to give themselves arbitrary scores, and possibly execute
] arbitrary code. To further emphasize the scope of this
] vulnerability, I have written and -selftested
] proof-of-concept exploit code. Naturally, I want to share
] this information with their software engineers, and would
] even be nice enough and suggest a means to fixing it.
] However, with the state of current intellectual property
] and reverse-engineering laws, I hesitate to do so out of
] fear of litigation or academic disciplinary action. As an
] ethical geek, what do -you- do?"

this sounds familiar.