Suppose you discover a way to breach security in a Web site so that visitors might access information that belongs to the company. Should you be allowed to publish your fi ndings? Should you notify...

Suppose you discover a way to breach security in a Web site so that visitors might access information that belongs to the company. Should you be allowed to publish your fi ndings? Should you notify the organization? Should the organization pay you a reward for discovering the breach? If they do, would this encourage you to search for more potential security violations? Suppose the newly available information on the Web site is relatively innocuous—for example, offi ce telephone numbers of company executives. Suppose it is not—for example, home telephone numbers for the same executives. Does this make a diff erence?