How to Find 1,352 WordPress XSS Plugin Vulnerabilities in 1 Hour (not really)

DEF CON 24

Presented by: Larry W. Cashdollar
Date: Saturday August 06, 2016
Time: 11:10 - 12:00
Location: Packet Hacking Village

I'll discuss my methodology in attempting to download all 50,000 WordPress plugins, automated vulnerability discovery, automated proof of concept creation and automated proof of concept verification. I'll go into where I went wrong, what I'd change and where I succeeded.

Larry W. Cashdollar

Larry W. Cashdollar (Twitter: @_larry0) has been working in the security field and finding vulnerabilities for over 15 years. With over 100 CVEs to his name, he is a known researcher in the field. You can see many of the disclosed vulnerabilities at vapidlabs.com. He is a member of the SIRT at Akamai Technologies.

