An increasing number of enterprises take advantage of bug bounty programs to identify vulnerabilities and structural weaknesses within software. But outside of these formal programs, informing vendors about security issues can be a legal minefield. Some firms welcome the help of the security community, and seek to reward it with bounties, swag, and offers of employment. Others don’t respond well, and respond with legal threats — or worse, they call the cops. A great example of the latter is the Budapest Transport Authority (BKK in Hungarian), which recently called the cops on an 18-year-old security researcher after he found a…

This story continues at The Next Web