by a3_nm 3126 days ago
If malicious people can add exploitable bugs and claim a bug bounty later, then they can also add exploitable bugs to actually exploit them. So I'd say that bug bounties also work here: they create an incentive to review the code of open-source projects more closely.
1 comment

After a look at some of the bugs linked at http://www.underhanded-c.org/_page_id_2.html, they are very niche and difficult to exploit in any meaningful way. Not only that, but even a mediocre test suite would find something fishy with most.