One of the things that works best about open source stuff is that it gets reviewed by more people. If OS isn't possible, then it's better from this perspective to try and write in a higher-level language that does these kinds of checks for the dev automatically, such as Scala / Java etc., where the runtime does boundary checks. But if that's not possible as well, then this article does suggest some good courses of action. Good comments on it as well.