There is this guy whose hobby is penetration testing websites that interest him. He's a white-hat guy, so he does his best to inform webmasters. Quite often he reaches nobody and eventually publishes his findings.
Janne's blog is at http://janne.is/. I'd sure hate to see one of my sites listed there.