Hacking and exploiting - How do you deal with any security holes you find?

Question

Today online security is a very important factor. Many businesses are completely based online, and there is tons of sensitive data available to check out only by using your web

Answer 1

"Ive found that Im often testing others applications for exploits and security holes, maybe just for curiosity".

In the UK, we have the "Computer Misuse Act". Now if these applications you're proverbially "looking at" are say Internet based and the ISP's concerned can be bothered to investigate (for purely political motivations) then you're opening yourself up getting fingered. Even doing the slightest "testing" unlesss you are the BBC is sufficient to get you convicted here.

Even Penetration Test houses require Sign Off from companies who wish to undertake formal work to provide security assurance on their systems.

To set expectations on the difficulty in reporting vulnerabilties, I have had this with actual employers where some pretty serious stuff has been raised and people have sat on it for months from the likes of brand damage to even completely shutting down operations to support an annual £100m E-Com environment.