OK mate, I am no expert but:

1. Define vulnerability and exploit and their relationship.
2. Where do you learn of vulnerabilities?
3. What do you then check to see if it has that vulnerability? say buffer overflows.........
4. Who do you contact.............software suppliers?
5. What software is affected?
6. What media deal with this sort of stuff? (CERT, SANS etc..)
7. Do you do a POC?

Something along those lines?