Topic for discussion

Suppose you discover a way to breach security in a Web site
so that visitors might access information that belongs to the
company. Should you be allowed to publish your findings?
Should you notify the organization? Should the organization
pay you a reward for discovering the breach? If they do, would
this encourage you to search for more potential security viola-
tions? Suppose the newly available information on the Web
site is relatively innocuous—for example, office telephone
numbers of company executives. Suppose it is not—for
example, home telephone numbers for the same executives.
Does this make a difference?