The announcement is a couple of weeks old now (I'm still juggling things as I transition from U of T to Software Carpentry), but Google has released some deliberately bad code to help teach software security. Very cool idea; it certainly raises the bar for our work... There's more material here as well.