Justifiably evil, or just wrong?

[Cryptovirus]

I'm going to put myself on the scale here, albeit a little reluctantly.

So, over the past few months, I've been discovering and disclosing vulnerabilities in IP.Board. So much so, that the president of the company offered me a complimentary license to do my testing. Obviously, with the source in hand, I was able to find many more problems than I would've otherwise.

Where the dilemma comes in - I have a forum based around security which is pretty new and has the need for publicity and members. To this end, I would release the aforementioned vulnerabilities to the public mere hours after they were fixed in the latest revision. (my forum is powered by vBulletin - I wouldn't find vulnerabilities in IPB if I was using it, because I'd be too lazy to update manually and too paranoid to wait for patches)

While it led to an increase in traffic, the new people rarely register.

Anyhow, IPS is aware and hasn't complained about this and I still hold the complimentary license.

My question is, should I continue to search for vulnerabilities using the complimentary license, as well as giving out tutorials on how to pwn this very software. And whether there would be a viable case against me in a court of law.

[fashizzlepop]

Asphinctersayswhat?

Yeah, I don't get your question.

[tremor77]

When you say you have a forum based around security.. you have an actual forum using the IP board software? or you have a competing forum software that you feel is more secure? Just having a little trouble deciphering the post there... not really sure what your question is.

[Cryptovirus]

Modified OP to pose a clearer question.

[fashizzlepop]

They gave you a FREE license... that means (the court would see it this way) that they WANT you to test it out. I would at least make sure the developers know about the security issues before you release them publicly.

[Szayel]

So what you are saying, is that is it wrong for you to fix the company's software, while showing people ways to get past the very software you fix?
I don't think it's something that's necessarily wrong, but you could go to court for it if the company felt that what you are doing is affecting their software.

[LoGiCaL__]

I wouldn't expect any answers on this and a few of the others you posted. The last post is about 2 years ago. You can check the last post date under the post title.

[Szayel]

I wouldn't expect any answers on this and a few of the others you posted. The last post is about 2 years ago. You can check the last post date under the post title.

Oh, I didn't even notice.