Hacker News
by imiric 931 days ago
I'm as paranoid about this as you, but this type of verification seems easier today with AI tools. I'm not aware of any that do this, but if LLMs can give insight about what a piece of code is doing, they can surely be trained to detect possible suspicious behavior. Perhaps even by inspecting a binary, but certainly by processing code.
3 comments

Maybe for well-intended code (and even there I have my doubts – the halting problem says hi!), but most definitely not for malicious backdoors at this point.
I think that's a great use-case. I'd love a real-time security scanning system covering as many open source projects out there as possible.