This is something that hasn't yet made big news, but I don't know why not. For over a year now Coverity, funded by the Department of Homeland Security's Open Source Hardening project, has been working to report potential security flaws in open source projects. The company recently announced that eleven projects had been sufficiently proactive in responding to defect reports that they now move to "rung 2", giving them access to further levels of Coverity's hardening technology.
Of course, Python is one of those projects. It says a lot for the developers that they responded so aggressively to the reports (some, inevitably, were specious, but several represented significant issues that, thanks to this initiative, will never trouble Python users). The bottom line? Python, like Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Samba, and TCL, is a project whose developers take correctness and security seriously.
I anxiously await the results of the first scan of some Microsoft product, but I am not holding my breath. Even if the scan takes place (and for all I know Microsoft are using Coverity's scanners every day), Microsoft would not publish the results. This shows the value of openness, one of open source's major benefits: you know that security issues aren't being swept under the rug in the name of profit.
The tail end of a ZDNet article suggests that some people are less than happy about this project because they feel it will lead to ill-informed discussion about security problems in open source software. While this isn't a battle that will be won in a day, being seen to assiduously fix reported software problems will eventually win out over the lip service paid to security by so many commercial vendors. If you're looking for well-informed discussion, then this blog is the place to come (he wrote, modestly).