Tools catch security holes in open source code This year has been the best of times and the worst of times for open source code and security.