In fact, said Greene, many open source projects don't have strong communities or companies behind them to create the patches and otherwise maintain the projects.
"I want to create a bug-bounty approach, a vulnerability incentive research platform, where we leverage the power of crowd sourcing to find vulnerabilities and create fixes for them," he said. "I'm currently exploring ways to figure out how to do that. Hopefully, pretty soon, we can get it in shape and have it as a new project out of our division."
It would start out with a small investment and a discovery phase to see if it is feasible, he said. There are also issues around disclosure and privacy that first have to be addressed.
"But if we can find zero days before the adversaries find the zero days, and come out with fixes, man, we're making a lot of progress," he said.
Sign up for CIO Asia eNewsletters.