I object to the implicit criticism of the value of the audit here: independent audits drastically increase the value of security systems, because having someone without an existing mental model scrutinize code is a very good way to catch bugs, so users correctly consider an audited system more trustworthy. The audit is not more valuable than the original code, but it is much more valuable than the types of derivative work you mentioned.