In an effort to keep things a bit more secure (after finding out about this) the symfony team has officially released their own security policy to help prevent issues like that in the future.

You may be wondering why it has been taking us such a long time to react. Here's the main reason: we had not a very strong security alert reporting and qualifying process. This has been fixed recently. So as of now, if you find a security bug in symfony, please send an email to security at symfony-project.com, with as much details as you can and ideally a patch if you can provide one.

The wiki has a whole section on how to report security issues to get them to the right place.

As is pointed out both by Cal Evans and the Zend Developer Zone, there's been another article posted due to the response from the (now infamous) CIO article - "PHP's Enterprise Strengths and Weaknesses, Take 2" (by Zend's John Coggeshall).

So, in the digital toolbox of the developer, where has PHP been designed to work best? And where is it, perhaps, not the best tool for the job? [...] While other languages can surely be used to solve The Web Problem, in this article I explain why PHP is the premier solution for server-side Web scripting.

John talks about how PHP was written for the web, how it approaches and handles web requests, the security of the language and some of the major software packages that are being used in PHP development today (like the Zend Framework, PHPUnit and PECL extensions).