Limitations of code quality to ensure safety of modern software
I don't know if this contest is still being supported. But as you can see, it highlights the limitations of C as a programming language.
So that ensuring "quality" of any C-based safety critical system is not easy, even before we get to the limitations of Linux and open source.
Unfortunately throughout my career I have seen plenty of code examples which, although not malicious in the sense of this contest, comply with accepted development/coding/test processes – but are inherently unsafe, sometimes by design.