] "I am a U.S. university student who has recently come ] across 2 remote exploits for a homework program used by ] colleges nationwide. Both vulnerabilities allow students ] to give themselves arbitrary scores, and possibly execute ] arbitrary code. To further emphasize the scope of this ] vulnerability, I have written and -selftested ] proof-of-concept exploit code. Naturally, I want to share ] this information with their software engineers, and would ] even be nice enough and suggest a means to fixing it. ] However, with the state of current intellectual property ] and reverse-engineering laws, I hesitate to do so out of ] fear of litigation or academic disciplinary action. As an ] ethical geek, what do -you- do?" this sounds familiar. Disclosure of Major Software Exploits by Students? |