.Apparently the Eve Online client source code was released on a torrent by a frustrated reverser after confronting them about security holes and being basically told to screw off. This has been slashdotted.
I think this makes it pretty evident that we need to establish some realistic rules of engagement regarding how to approach the content creator of a reversed software if the need arises. I've personally come across this problem too, and I think we need to establish some understanding. The simple fact is that most creators are zealously protective of their work and probably (incorrectly) think reverse engineering is illegal.
How do you approach someone with these feelings to tell them they have a security hole in their product, or they missed a key performance improvement?
To start by asserting you're not the enemy doesn't work because they typically panic with "reverser=enemy" and block out anything relevant you might say like "I'm not here to ask for anything, I just found something you should know about". I know this from repeated experience.
So how?
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}