My experience of vulnerability disclosure
Talking about my experiences (and frustrations) of trying to responsibly disclose JolokiaPwn.
Security
JolokiaPwn - Information disclosure, DoS and more in Java web servers
How the popular tool Jolokia, commonly deployed in J2EE applications but also commonly misconfigured, can be used to disclose information or execute commands, often without authentication.