But at the end of the day, using the scenario here, the job of the window company is to fix this flaw and stop producing windows with this flaw, not go around and knee-cap someone because they discovered and exploited this flaw.
I'm not trying to defend criminals, but I don't think it's Microsoft's place to knee-cap people who exploit their vulnerabilities, it's their job to proactively find and fix vulnerabilities and not make any vulnerabilities public knowledge without a solution to fix the problem.
You are right in that it is Microsoft's first responsibility should be to correct the flaws in its products and commercial behaviour that allow these problems to propagate. It is however in their interest to also try and find and prosecute these individuals. A few high profile convictions may send a "message" to virus writers that what they do isn't so smart. The only problem we have is that the "good guys" could get painted with the same brush as the "bad guys". The "good guys" being those grey and white hats who find bugs and write proof of concept exploits and post them to forums such as bugtraq. These guys help make the software safer. However as a side effect they also help the morons who write 800k VB viruses cause havoc. Which is unfortunate. But it is ultimately the moronic VB virus coders who are the problem not the people who find the software flaws in the first place. Regards -- Oliver Jones » Director » oliver(a)deeperdesign.com » +64 (21) 41 2238 Deeper Design Limited » +64 (7) 377 3328 » www.deeperdesign.com