The secure code review module was a great success from SOC2010. It would be great to enhance it further for 2011.
Possible ideas:
- Extending the rules it uses to find vulnerabilities so it can catch all of the contributed module vulnerabilities announced in 2010, 2009, etc. (this isn't fully practical, but getting just 50% or so would be a great improvement!)
- Abstracting the reporting to something more standard - currently the module uses its own logging mechanism, which goes to a flat file. It would be great to use something more centralized like log4drupal.
- Anything else a student might find
Jim Berry is an obvious candidate for this if he is still interested in participating as a student; otherwise he would make a great mentor. I would also be willing to help as a mentor on this or any other security-related project.