If there's a security hole in PHP, chances are it was found by Stefan Esser, an open-source security specialist. Esser's advisories about flaws in Linux, NetBSD, Samba, Ethereal, CVS, Subversion, MySQL and PHP are legendary. [...] His "Month of PHP Bugs" project thoroughly exposed the insecure nature of the widely deployed PHP language and forced a rethink about security in the open-source world.

Check out the slideshow for other people in the list including Michal Zalewski of Google and Ivan Krstic of the "One Laptop Per Child" project.