Well, the standard blocking software is open source, simple and controversial. Controversial open source software gets checked by lots of people, and because it is simple, issues would get flagged.
Had you not added "simple", I'd have had a strong case in point with OpenSSL. OpenSSL has always been at least a bit controversial (i.e., breaking binary compatibility on not just a patch release aka x.y.Z, but a semantic level even lower) and issues have still gone undetected for a long time.