Open Source Security Testing Methods?

bewmIES asks: "We just conducted this interview with Pete Herzog about Open Source Security Testing Methods over at LinuxSecurity.com. I was curious to know if anybody is actually using these standards. With the bad reputation most software has in regards to security, I think this is a step in the right direction. Somebody who does not know much about security can read a manual giving them a crash-course, and then a 'Security Q&A' type person can audit the software. In the real world I don't know how practical this is, but it would save a lot of the egg-on-face incidents due to a simple buffer overflow..."