What makes a piece of software "malicious"?<p>If I write an open source package to wipe your home directory, is that malicious?<p>If I update my (non-directory-wiping package) so it wipes your home directory, and I document that change in the update license and notes that you must read and agree to, is that malicious?<p>If I develop an OS exploit, and the vendor does not respond in due time, is publication of that exploit malicious?