1. Rewards: Provide good rewards for honest maintainers. Pay them out of government grants or get private funds to pay them. Give maintainers respect/status, community, and money. Tie the security of a product to this funding process. Rewards for no independently discovered remote exploits for X months, etc. Rewards for independent users finding and disclosing exploits.
2. Punishments: Intentional inclusion of security holes should be treated as a criminal act. FOSS maintainers who break the trust which is placed in them should be viewed as untrustworthy and anti-social. Have very clear red lines and very clear consequences. Pass laws which make it illegal for any actor, including the US government, to petition a vendor to include security holes and backdoors.
3. Technical restraints: Have a two-person rule for commits. Open code reviews and cryptographically attestable, append-only revision systems with signed commits. Forbid coding styles that make it easy to obfuscate code. Fund independent code audits like the TrueCrypt audit project. Ensure the code which is published is the same as the code that was audited. Require deterministic builds.
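The technical restraints in item 3 can be seen working together in a small model: a hash-chained commit log where every entry is signed by its author and by a distinct reviewer (the two-person rule), a verifier that detects any after-the-fact edit or deletion (the append-only, attestable property), and a check that the bytes users download hash to the value the auditors recorded (only meaningful when builds are deterministic). This is an added example, not code from the original post. It uses only the Python standard library; HMAC-SHA256 with per-maintainer secret keys is an assumed stand-in for the asymmetric signatures (GPG or SSH signed commits) a real forge would verify, and the maintainer names, keys and diffs are constructed for illustration.

```python
"""Toy model of an attestable append-only commit log with a two-person rule.

Added example (not from the original post). Stdlib only. HMAC-SHA256 with a
shared per-maintainer key stands in for real asymmetric commit signatures;
the assumption is that each maintainer's key is known to the verifier.
"""
import copy
import hashlib
import hmac
import json

# Constructed maintainer keys. A real system would hold public keys here.
MAINTAINER_KEYS = {
    "alice": b"constructed-key-alice",
    "bob": b"constructed-key-bob",
    "carol": b"constructed-key-carol",
}

GENESIS = "0" * 64  # parent hash of the first commit


def canonical(entry: dict) -> bytes:
    """Deterministic serialization so every party hashes identical bytes."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(entry: dict) -> str:
    return hashlib.sha256(canonical(entry)).hexdigest()


def sign(name: str, digest: str) -> str:
    """Stand-in signature: HMAC over the commit hash with the maintainer's key."""
    return hmac.new(MAINTAINER_KEYS[name], digest.encode(), hashlib.sha256).hexdigest()


def approve(log: list, author: str, reviewer: str, diff: str) -> dict:
    """Append a commit only when author and a *different* reviewer both sign it."""
    if author == reviewer:
        raise ValueError("two-person rule: reviewer must differ from author")
    prev = log[-1]["hash"] if log else GENESIS
    body = {
        "prev": prev,  # chains this commit to its parent
        "author": author,
        "diff_sha256": hashlib.sha256(diff.encode()).hexdigest(),
    }
    digest = entry_hash(body)
    commit = {
        **body,
        "hash": digest,
        "signatures": {author: sign(author, digest), reviewer: sign(reviewer, digest)},
    }
    log.append(commit)
    return commit


def verify_log(log: list) -> bool:
    """Recompute the chain and re-check every signature.

    Editing, reordering or deleting any commit changes a hash that a later
    entry (or a signature) committed to, so the whole log fails verification.
    """
    prev = GENESIS
    for commit in log:
        body = {k: commit[k] for k in ("prev", "author", "diff_sha256")}
        if commit["prev"] != prev or entry_hash(body) != commit["hash"]:
            return False
        sigs = commit["signatures"]
        if len(sigs) < 2 or commit["author"] not in sigs:
            return False  # two-person rule not satisfied
        for name, sig in sigs.items():
            if name not in MAINTAINER_KEYS:
                return False
            if not hmac.compare_digest(sig, sign(name, commit["hash"])):
                return False
        prev = commit["hash"]
    return True


def published_matches_audited(published_artifact: bytes, audited_sha256: str) -> bool:
    """The bytes users download must hash to what the auditors reviewed."""
    return hmac.compare_digest(hashlib.sha256(published_artifact).hexdigest(), audited_sha256)


def demo_chain() -> tuple:
    """Returns (valid log verifies, tampered log verifies)."""
    log = []
    approve(log, "alice", "bob", "fix: add bounds check in parser")      # constructed diff
    approve(log, "bob", "carol", "build: pin toolchain for reproducibility")
    ok_before = verify_log(log)
    tampered = copy.deepcopy(log)
    tampered[0]["diff_sha256"] = "00" * 32  # silently rewrite history
    return ok_before, verify_log(tampered)


def demo_release_check() -> tuple:
    """Returns (published == audited, altered build == audited)."""
    audited = hashlib.sha256(b"constructed-release-tarball").hexdigest()
    return (published_matches_audited(b"constructed-release-tarball", audited),
            published_matches_audited(b"constructed-release-tarball-with-extra", audited))


if __name__ == "__main__":
    print("chain:", demo_chain(), "release:", demo_release_check())
```

The log is only as trustworthy as the key material behind the signatures and the independence of the reviewer, which is why the post pairs these controls with open review and independent audits rather than relying on any one of them.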