[click170]

I'm curious, if notifying them instead of exploiting the bug doesn't qualify as 'kind', then what do you call it?

As far as im concerned that's being bloody gracious and generous.

[LXicon]

yes, notifying them is kind. simply not exploiting them is not.

it's like saying i'm being kind for not robbing someone.

[felipemnoa]

Is more like, I found your wallet here it is and all the money is still there. Perhaps honorable is the right word we are looking for here.

[mailinatortron]

hardly. exploiting the vulnerability is clearly and objectively illegal. It is likely to affect not only the company itself but also any innocent customers one might defraud.