In a perfect world that might happen. Sadly people are not happy, if you point their mistakes at them and they can get very agressive against you, especially when their job or their public reputation might be at stake. Add some age difference of over 20 years and an IT education that started with punching holes into cards and you are fd. Then going to offer them your assistence wouldn't be the smart thing to do, don't u think?

It really would make great sense to create an 'report exploits' link on your site/software so that people know they can freely contact you about this kind of thing without repercussions. I actually got one about 2 days ago for a forum I coded because of such a link I put there.

It might be interesting to even make a whole website dedicated to exploit hunting and allow companies to register themselves.

Well, we were kids back then, and I think they took it as one of the risks involved in teaching programming. They surely threatened him, but they just wanted us to stop. So, as we knew that if we kept on infecting the pcs, they would punish my friend, we had to stop. But at least we kept some of our benefits (internet access, etc)