by KhalilK 4453 days ago
"mistakes will continue to be made in code" Not gravely if professional testing of the open source code is put into place. Yes, it might be expensive, but critical Internet libraries that serve a variety of purposes, with names such as Apache, Ruby, PHP, SSH and Linux, would benefit greatly from deep assessments.
1 comments

Someone realized this a long time ago, and the Linux kernel is already being audited and tested, with regression tests, etc. (see the Linux Testing Project). OpenSSH is also generally well regarded because of the same scrutiny.

Someone else made the comment that security can't be an afterthought, so PHP will probably never be auditable, and most people agree it should be dropped in favor of more robust technologies anyway.