I'd like to add an example from the old days: "Ralf Brown's Interrupt List" [link]. It's a list of interrupts used by various software packages with documented weaknesses (typically register range checks). Whenever I'd write an ISR I'd check the list to avoid collisions with other software. Others would use it for writing exploits, the list contains a plethora of attack vectors.
[link] http://www.ctyme.com/rbrown.htm