Fortify just posted a nice blog post about the audit they did on several reference implementations competing to become the next NIST SHA-3.
They do not release much information on their findings: only one is described. I would have really liked to see how powerful the analysis was (if it was) in finding these problems.
It would also be nice to see other tool vendors, such as GrammaTech, Klocwork, Coverity, etc., do the same, and then start another competition ;)
I'd really like to emphasize the conclusions in Fortify's blog post:
Reference implementations don't disappear, they serve as a starting point for future implementations or are used directly. A bug in the RSA reference implementation was responsible for vulnerabilities in OpenSSL and two separate SSH implementations. They can also be used to design hardware implementations, using buffer sizes to decide how much silicon should be used.
The other consideration is speed, which will be a factor in the choice of algorithm. The fix for the MD6 buffer issues was to double the size of a buffer, which could degrade the performance. On the other hand, memory leaks could slow an implementation. A correct implementation is an accurate implementation.