[rsync]

Those advisories all came from outside sources, most notably calif.io.

It's not clear to me that FreeBSD found any of them internally ...

[adamckay]

Calif.io have access to Mythos Preview which they've used to find a macOS kernel memory corruption exploit on Apple M5: https://blog.calif.io/p/first-public-kernel-memory-corruptio...

It's probably the right approach to onboard a few independent security companies and task them with reviewing multiple OSS projects than it is to onboard each project individually.