A treatise on vulnerability discovery and disclosure
by Anton Chuvakin
I would not call something a "treatise" just because it sounds cool :-) It is really a comprehensive paper on the modern vulnerability discovery and disclosure landscape. It even mentions 'vulnerability sharing clubs' and other recent developments in the space.
I especially like this quote that should be read and reread by those who incessantly blabber about "staying ahead of the hackers": "Zero day vulnerabilities are in frequent use among the hacker community. After being used for a period of time, zero days are either sold to security research organisations, who 'ethically disclose' them to the vendor, or simply shared with a wider and wider circle until they become public."