I'm sure there are orgs that audit FOSS code for security and privacy. Could you guys let me know what some of the main orgs that do this are? Do you have any ones you like in particular?
Otherwise, sometimes governments or hacking contests, like Pwn2Own, do audits/pentests, but you pretty much just have to be a well-known open-source project either way...
Ah, I think I may have used the wrong terminology (though thank you for the responses). What I'm really looking for is an organisation that provides public reviews of FOSS codebases and assesses their privacy and security. Is that a thing?