TwitPwn Takes Twitter Applications to Task, One Day at a Time

Twitter does a pretty good job locking things down. With the exception of the (embarrassing) brute-force password hack of one of its admin accounts earlier this year, the fledgling micro-blogging platform has a remarkably good security history. The same cannot be said, however, of the many third-party applications that have been written to access Twitter's API.

TwitPwn is aiming to change all that, one day at a time, every day this month. Starting July 1st, TwitPwn launched its MoTB (Month of Twitter Bugs). Each day, the blog's author will post a vulnerability or set of vulnerabilities affecting either the Twitter service itself (none so far) or a third-party Twitter application. To be fair, the author notifies both Twitter and the third-party developers 72 hours ahead of time and gives them full details about the vulnerability. After that, it's fair game.

So far the blog's author has gone after URL shortener Bit.ly and HootSuite, a popular Twitter client, for vulnerabilities that leave users open to Cross-Site Scripting (XSS) attacks. In both cases, the bugs were fixed before the blog posts went public.

We applaud the author for his attempts to make Twitter a more secure place to share information. Twitter's lack of an approval process for applications has already led to a proliferation of phishing scams that steal Twitter users' login credentials and spread themselves via the micro-blogging platform. Just earlier this week, Britney Spears' account was hacked via popular Twitter picture-sharing platform TwitPic (boo hoo). Until Twitter gets a formal application/service verification process in place, it's going to be vigilante justice that keeps us safe, and TwitPwn is leading the charge. Bravo, sir, we salute you!
