Reprinted from Stack:

Is Hackaday an appropriate place to out evil hacks so that people will be on guard against them and thus safer? 

I can't see going straight to the public police with something highly technical.

[Dual use means having a destructive use as well as a constructive use, like nuclear energy.]

Replies:

KrisKeillor:
I don't think it's ideal, it would be better to speak to security experts first so some kind of mitigation can be created before the hack is made public.

If you are the first to discover a poison, at least look for the antidote before you release it to the wild.

If no mitigation can be found, at that point putting the word out in a security network or even going public is appropriate. It's better to know the threat than be in the dark.

trigger182 wrote 4 days ago:
What is your goal?  To raise awareness? Drop it at at a EDU forum if you want to stay anonymous. Shoot an email to a secops company

Zax3970:
It is usually also prudent to contact the manufacture of the hardware or software the has a potential vulnerability first. If you get no response or feel the response is lacking the priority needed you can then start contacting the authorities. 

Here is a good place to start:

https://www.cisa.gov/coordinated-vulnerability-disclosure-process

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note added by DMM: a less obvious threat than nuclear energy is advanced medical technology that, hypothetically, could be aimed either into a patient's body or into the parking lot. 

https://apl.uw.edu/project/project.php?id=boiling_histotripsy

Next question: what is the level of evidence needed for contacting the authorities?