how to alert company of security hole

["Serg B." <sbonlinux () hotmail com>]

Hi All,
Not sure if this question belongs here or not, but ...
I am curious about an approach one would take in alerting a company that 
their web site/e-shop has multiple vulnerabilities.  In other words should 
the individual who discovered the holes contact the parties involved 
directly or anonymously in fear of law suit?
Also, would one be swimming in murky waters if they were looking at some 
reward for the discovery ...

  Cheers,
     Serg
     sbonlinux[AT]hotmail.com
     Your friendly neighborhood geek.

_________________________________________________________________
We've 100s of NEW questions! Play Millionaire online to win $$$$. Click here 
 http://sites.ninemsn.com.au/minisite/millionaire/default.asp


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------