Anatomy of a buffer overflow – Google’s "KeyStore" security module for Android
Here’s a cautionary tale about a bug, courtesy of IBM.
Not that IBM had the bug, just to be clear: Google had the bug, and IBM researchers spotted it.
Story added 2. July 2014, content source with full text you can find at link above.