The folks at the Hardened PHP Project (makers of Suhosin) have started their Month of PHP Bugs initiative. This initiative is an effort to improve the security of PHP by bringing awareness to various security problems in PHP itself. This does not directly impact any PHP applications, but instead the language itself. As far as I understand, the plan is to disclose issues that can be resolved by way of just using Suhosin or the Hardened PHP Project. Hopefully the PHP core team will finally wake up and start implementing some of the recommendations being suggested.
note: this post is likely to become a podcast if I can finish recording the show.