Tesla Motors are cool. Founded by Elon Musk of PayPal and SpaceX fame, they design, build and sell next generation electric cars, which with the right infrastructure could help mitigate global warming and improve the quality of life in general. I'm into that, so when they launched a security responsible disclosure programme I took a look.
Tesla make extensive use of Drupal with a handful of plugins, and security is pretty tight. With a few hours poking around I'd covered most of the site and found a few XSS vulnerabilities, a couple of which were hard to exploit, and an easier to exploit vector in a non-Drupal script I found referenced in a commented out link.