Today's award goes to Google. In a recent Online Security Blog entry, the organization admitted:
Tomasz Bojarski found 70 bugs on Google in 2015, and was our most prolific researcher of the year. He found a bug in our vulnerability submission form.
There's more at the link.
How embarrassing it must be to make available an online security vulnerability report form, only to have the form itself identified as buggy! Kudos to Google, though, for being willing to admit it. Some organizations would have done all they could hide it.