Hi,

Do you mean client (cross-domain information leakage, etc.) or server side vulnerabilities (like xss with HTML5 tags)?

 In my mind at lot of the server-side vulnerabilities are just permutations of what is already known.  In my humble opinion, it would be fairly easy to patch already existing software to search for these vulnerabilities.  It is the client side issues, like SQLI on the client, that seem to be relatively new ground.

I would be interested in contributing code. I'm looking forward to seeing what everybody else turns up. 

Yes, looking at "features" 

I was more looking at a tool doing code review. Having a tool looking at bad code and proposing fixes. Sothing like "instead of write this line this way, why don't you do that?".

To help the developers find possible vulnerabilities in their code before they release it in prod.

But this is probably not that useful... 

You're so right rance, developers don't know anything about security, yet alone security tools.

Ok, I will put my very little free time against something more useful.

Thanks for the replies guys

While there is no harm in writing a tool to help developers check for weaknesses in their code, the use might be limited.
I would say, if you think that it will benefit at least a few people out there, why not go for it.

Also, an exploit would be cool too.