I have the mildest of credits in a few open source projects.
I gave a contribution to scripts for the NMAP scripting engine shortly after the NSE (Nmap scripting engine) was released. In turn, I presented at security meetups and conferences about how to write NSE scripts.
I indirectly have credits in a metasploit module which exploit a glibc vulnerability, using an attack vector found in WordPress. This credit was based on contributions I made working within the elite ethical hacker group SpiderLabs.
I have also found my way into contributing to WordPress from time to time. Sometimes assisting the Core team, sometimes revising public CVEs. I regularly help plugin and theme developers by reporting security bugs, which is not always welcome but I am assisting their projects.
Most of my contributions to Open Source come from the many public presentations I give to those communities. After all, contribution can be made in more ways than code.