Authored Comments

I don't understand what you are saying in point number 2 - the first sentence, "tests don't need testing" seems to stand in contradiction to point 29.

To follow up on my comment about security being a race, I am aware that the security company Coverity (and perhaps other vendors) runs a service whereby open-source projects can have their code scanned for vulnerabilities. I wonder if they have a mechanism to identify attempts by an attacker to submit the code (probably obfuscated and mixed in with unrelated code) from an open-source project they wish to attack, as if it were their own project?