All software contains bugs. A subset of those bugs are security flaws that allow a malicious individual to cause software to do something it shouldn't do. The best example of this is when a remote attacker leverages a flaw in a public-facing service (a web server or mail server, for example), which then allows them access to machine resources.
(This is only an outline; additional content needs to be filled in.)
The parent page has a couple of external links on the topic.
A security flaw is most easily described as a bug that, given the right circumstances, could lead to the compromise of confidentiality, integrity, or availability of computing resources.