There is an ongoing debate about Responsible Disclosure. Is it ethical (or legal) to report a vulnerability in a computer system or website? If a "White Hat Hacker" reports a vulnerability to the owner of the website, he might get in trouble. Read Breach case could curtail Web flaw finders (note that you must read all three linked pages--the alt link has them all together) and answer the following questions:
Eric McCarty found a flaw in the USC website. What danger did this vulnerability pose, and to whom?
Was McCarty's action malicious? Did it cause harm to USC?
Discovering the vulnerability was not itself illegal. What did McCarty do that was illegal? Why did he do it? Be specific.
A conviction in this case would likely discourage other security researchers from reporting security vulnerabilities to websites. How could this effect affect the security of the Web? Explain.