And we all know how well civic duty works as a motivator. If we really want to do something constructive, convince the corpro-takers to open their wallets to fund those auditing functions.
For once, I agree with Mike. (Twice in one year?) Considering how widely openssl is used, and how important it is, it's shameful how little support it gets. I'd also point out that auditing security code is hard, and auditing SSL/TLS code is extremely hard because the spec depends on a lot of unusually arcane algorithms, and its implementation is almost perversely complex (that means PKI and ASN.1.) So random programmer eyes are much less likely to find useful stuff than people who have spent a while learning about the technology. http://jl.ly/Internet/openssl.html R's, John