Perhaps this is not strictly related to Testuff, but my article with Dr. Carlos Cid was recently published on SearchSecurity.

Hope it might give some of you ideas on evaluating security for open-source as well as closed-source projects. The scope covers more than security-testing, but touches on elements of testing and assessment for security bugs that might be of interest to the testing community.

Yoav
The Testuff Team