Hacking and exploiting - How do you deal with any security holes you find?

Question

Today online security is a very important factor. Many businesses are completely based online, and there is tons of sensitive data available to check out only by using your web

Answer 1

I once reported a serious authentication vulnerability in a online audiobook store that allowed you to switch the account once you were logged in. I was wary too if I should report this. Because in Germany hacking is forbidden by law too. So I reported the vulnerability anonymously.

The answer was that although they couldn’t check this vulnerability by themselves as the software was maintained by the parent company they were glad for my report.

Later I got a reply in that they confirmed the dangerousness of the vulnerability and that it was fixed now. And they wanted to thank me again for this security report and offered me an iPod and audiobook credits as a gift.

So I’m convinced that reporting a vulnerability is the right way.