What additional measures can be taken to improve the security of Gpg4win?
Given more budget/development power, what measures should be taken, ranked by effectiveness?
There is an article http://www.dwheeler.com/essays/heartbleed.html
More automatic tests
Especially more negative tests, more fuzzing.
Map out the security requirements of the Gpg4win components.
The components and their role during usage should be examined. The best approach would be a fault or attack tree analysis. It will not be feasible to do the same level of examination on all components: some are big (Qt for Kleopatra), some are quite small, like the core implementation of ECC.