There is an interesting project started by a security researcher that goes by the handle theharmonyguy. Using as a inspiration the “Month of Twitter Bugs”, he plans to find and post XSS/CSRF vulnerabilities in Facebook applications.
Begun yesterday and going on until he finds and posts all known cross-site scripting vulnerabilities, he will post complete technical details of said vulnerabilities after giving the developers a 24 hours notice in order for them to fix it.
Presently, he posted 6, all of which have been patched. The applications in question are the following: FarmVille, Causes, FunSpace, SuperPoke!, SocialToo and YellowPages.ca.
Apart from posting his own discoveries, he is also open to submissions. Once he is finished with them all, he intends to publish for all to see the source code for the attcks, so people can see how hackers can exploit such vulnerabilities.