Hackers and true "black hats" will not be deterred from the terms of the EULA, however -- let's face it, they probably never bought the code in the first place and never entered into the clickwrap EULA. Thus, the "bad guys" will pick apart the code to discover and exploit the vulnerabilities. The implications of the Lynn case are that you must first ask permission of the software vendor to pick apart the code. I can imagine vendors granting permission with restrictions, whereby you can reverse engineer the code to find vulnerabilities, provided that you agree to tell US about them -- and never ever tell anyone else. In other words, they get the opportunity to fix the code, and nobody is the wiser.