says Brenno de Winter, and I totally agree. Too much software is poor, not because it is built on top of open source software, but rather because it is not verified. If you use free software, you are obliged to check that it works properly and securely, just like you do with proprietary software. That is exactly my standpoint and the reason why I want to see more testing and CI/CD processes implemented. I am a huge fan of TDD for that reason, and BDD in addition. But that isn't everything. You must never forget pentesting, i.e. checking weird cases but also - in especially - very common attacks and techniques. Thankfully, OWASP (http://owasp.org) is regularly publishing a top 10 list of common issues, and many security people are blogging about their expertise, like Gareth Heyes (http://thespanner.co.uk) for example. Many put their talks from conferences online, in forms of recordings, slides, demos and so on. So please, open up your minds and wallets a bit to provide more secure software. You *can* do that for sure, no excuses!