Last week, Diaspora — the OSS privacy-respecting social network — released a “pre-alpha developer preview” of their source code. I took a look out it, mostly out of curiosity, and was struck by numerous severe security errors. I then spent the next day digging through their code locally and trying to get in touch with the team to address them, privately. In the course of this, I mentioned obliquely that the errors existed on Hacker News, and subsequently was interviewed by The Register and got quoted in a couple of hundred places.
J. Bennedssen, and M. Caspersen. Proceedings of the Fourth international Workshop on Computing Education Research, page 15--26. New York, NY, USA, ACM, (2008)