@nerdpr0f - Take that idea and flip it! Use it to see what are the first projects that need to be reviewed from a Threat Hunting perspective!
Seriously! Its a great approach you've created!
Specifically identify projects that would be High Value Targets to a malicious actor and then go through the code with the ASSUMPTION THAT THEY HAVE ALREADY BEEN COMPROMISED.
See how many other backdoors and vulns we can find.
@tinker Ooh, exactly!
https://infosec.exchange/@tychotithonus/112192099235146057
@nerdpr0f