
Imagine this, if you will. You are a Computer Science major working on a mobile app that would help students at your college access their accounts using their mobile phones. During the development process, you discover a major vulnerability that would allow anyone to access virtually all data that the college has collected on its 250,000+ students (including their social security numbers). You would want to alert the IT department right away, wouldn't you? Well, this scenario happened to Ahmed Al-Khabaz at Dawson College in Canada. Khabaz brought the vulnerability to the attention of François Paradis, the Director of Information Services and Technology, who said that he would work with the vendor to patch the issue. A few days later, Khabaz ran a program to test whether or not the vulnerability had been patched. The vendor, having been alerted to the issue, was watching and alerted the University. The University decided to expel Khabaz for running the program without permission.
Brendan Spaar thinks that Mr. Khabaz should have just kept his mouth shut about the vulnerability. The University was looking for a reason to kick him out and found it. Things aren't all that bad for Khabaz, though. He has several job offers, including one from Skytech Technologies, the vendor responsible for the security vulnerability.
Source: http://news.nationalpost.com/2013/01/20/youth-expelled-from-montreal-college-after-finding-sloppy-coding-that-compromised-security-of-250000-students-personal-data/