Google’s bug-tracking system contained its own vulnerabilities, researcher discovers
Bugs in the system could have helped unauthorised parties access details of every vulnerability report sent to Google, opening the door for exploitation before a fix is made available.
Read more in my article on the Tripwire State of Security blog.