Kwalitee is an automatically-measurable gauge of how good your software is. That's very different from quality, which a computer really can't measure in a general sense. (If you can, you've solved a hard problem in computer science.) In the world of the CPAN, the CPANTS project (CPAN Testing Service; also a funny acronym on its own) measures Kwalitee with several metrics. If you plan to release a distribution to the CPAN -- or even within your own organization -- testing its Kwalitee before creating a release can help you improve your quality as well. Test::Kwalitee and a short test file will do this for you automatically.
Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.
The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.
Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.
Problem reports, updates or suggestions for this package should be submitted with send-pr.