Generally speaking, releasing a chunk of software that’s full of bugs and security holes is a bad idea. But when your purpose is to educate and enable others to find the problems, the tables are turned.
Google has done just this, releasing the source code for its microblogging application called Jarlsberg.
The idea that you’ll know when something is abnormal if you’re aware of what normal looks like goes in reverse with Jarlsberg. In this case, you have a chunk of code with security holes abounding, and that’s what is meant to catch the users’ attention.
Google goes a step further with the educational value and even provides an Instructor’s Guide on the Google Code University. It’s certainly worth a look, even to the aspiring code monkey, and it’s readily available as open source.