Open Source Web Application Security Alliance
###Problem: We have lots of open source applications out there, run by volunteers. Security issues have been popping up all over the place with the recent rails and rubygems.org exploits, and we'll be feeling the effects of this for years.
###Solution: We have a github org (or even just a mailing list) of vetted open source developers who have expressed interest in helping with security stuff.
In more details:
Github/mailing list with open source developers who have somehow been vetted by the community (no clue how to do this, maybe based off of how many people have signed their GPG key? something else?)
A open source application can apply to join - should have a 5:1 project:dev ratio at most.
Thoughts? Am I insane?