At the beginning of each month, we carry out a brief, high-level security inspection. The purpose is to be a sanity check for head-slapping, trivial vulnerabilities that no one expected would be in the code but somehow managed to creep in anyway.
One of @alice, @bob or @charlie should do the inspection if no one else has the time.