The Heartbleed fiasco has a lot of us realizing that somebody should be doing a formal, independent, ongoing security review of important open source projects.
You may be surprised to learn it’s already been done by the Homeland Open Security Technology program at DHS. Great idea, right? It cost us $1.24 million over three years. That’s a pittance. We should double it. At least.