They do security scans, yes, but not really full-system code-quality review down to the level of every system utility (esp. not those developed primarily elsewhere). At least in the specific case of 'less', it's almost just a formality that it's even in the FreeBSD SVN tree, since the only activity is occasional re-imports of the upstream version: https://svnweb.freebsd.org/base/head/contrib/less/ Afaict, this Illumos initiative is the first attempt in years by anyone to review/clean up the internals.
There are also regular Coverity scans on the whole system (kernel and userspace) for the BSDs; the NetBSD one has been ongoing for quite some time and a lot has been fixed (a lot of the errors now seem to be in gdb...)
